The IcedTea-Web plugin prior to 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote malicious users to cause a denial of service (crash), obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat icedtea-web |
||
redhat icedtea-web 1.1 |
||
redhat icedtea-web 1.0 |