Overview
Kindle Touch 5.1.0 contains a scriptable browser plugin which can be invoked by accessing a malicious web page.
Description
It has been reported that Kindle Touch 5.1.0 has introduced a NPAPI plugin /usr/lib/libkindleplugin.so (symlinked to /usrl/lib/browser/plugins/libkindleplugin.so) that can be used by the system-wide WebKit engine. libkindleplugin is scriptable by the browser and can be invoked to access its "exported" native methods when a user accesses a web page containing embedded scripts. The user eureka has reported on the MobileRead forums that they have found multiple "exported" properties and methods associated with libkindleplugin.
|
Impact
By convincing a user to access a specially crafted web page, a remote, unauthenticated attacker may be able to execute arbitrary code with root privileges. |
Solution
Update |
Disable libkindleplugin |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 9.3 | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| Temporal | 7.3 | E:POC/RL:OF/RC:C |
| Environmental | 1.8 | CDP:N/TD:L/CR:ND/IR:ND/AR:ND |
References
Acknowledgements
Thanks to eureka on the MobileRead forums for reporting this vulnerability.
This document was written by Michael Orlando.
Other Information
| CVE IDs: | CVE-2012-4248, CVE-2012-4249 |
| Date Public: | 2012-04-04 |
| Date First Published: | 2012-07-30 |
| Date Last Updated: | 2013-04-08 23:37 UTC |
| Document Revision: | 22 |