Arbitrary Command Execution Vulnerability in Kindle Touch by Amazon
CVE-2012-4249

Currently unrated

Key Information:

Vendor: Amazon
Status: Kindle Touch
Vendor: CVE Published:; 12 August 2012

What is CVE-2012-4249?

The Kindle Touch by Amazon is vulnerable to an arbitrary command execution flaw due to improper handling of input strings, allowing attackers to exploit shell metacharacters. This vulnerability enables context-dependent attackers to execute arbitrary commands through methods such as lipc-set-prop for setting LIPC properties. This critical oversight highlights the need for users to ensure their devices are updated to at least version 5.1.2 to mitigate risk.

References

http://www.mobileread.com/forums/showthread.php?s=c7953cc...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/122656

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/MORO-8WKGBN

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Aug 12, 2012