CVE-2012-4248

Name of the Vulnerable Software and Affected Versions Amazon Kindle Touch versions prior to 5.1.2

Description The issue is related to improper access restriction to the libkindleplugin.so NPAPI plugin interface. This might allow remote attackers to have an unspecified impact via vectors involving the dev.log, lipc.set, lipc.get, or todo.scheduleItems method.

Recommendations For Amazon Kindle Touch versions prior to 5.1.2, update to version 5.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the libkindleplugin.so NPAPI plugin interface until a patch is available. Avoid using the dev.log, lipc.set, lipc.get, or todo.scheduleItems method in the affected plugin interface until the issue is resolved.