Search criteria
5 vulnerabilities found for java by apple
VAR-201005-0870
Vulnerability from variot - Updated: 2025-04-11 21:59Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. Successful exploits will allow an attacker to run arbitrary code in the context of the affected software. Failed exploit attempts may result in denial-of-service conditions. This issue affects the following: Mac OS X 10.5.8 (and prior versions) Mac OS X Server 10.5.8 (and prior versions) Mac OS X 10.6.3 (and prior versions) Mac OS X Server 10.6.3 (and prior versions). Apple Java used by the Mac operating system cannot properly handle the mediaLibImage object. ----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or to compromise a user's system.
For more information: SA34451 SA37255 SA39260
1) An error in the handling of mediaLibImage objects can be exploited to cause an out-of-bounds memory access and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet.
2) A signedness error when drawing windows can be exploited to corrupt memory and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet.
SOLUTION: Apply updates. http://support.apple.com/kb/DL971
PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Marc Schoenefeld, University of Bamberg. 2) The vendor credits Jonathan Bringhurst of Northrop Grumman, and Jeffrey Czerniak.
ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171
OTHER REFERENCES: SA34451: http://secunia.com/advisories/34451/
SA37255: http://secunia.com/advisories/37255/
SA39260: http://secunia.com/advisories/39260/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201005-0870",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "java",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "*"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.6.3"
},
{
"model": "java",
"scope": null,
"trust": 0.6,
"vendor": "apple",
"version": null
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.8"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
}
],
"sources": [
{
"db": "BID",
"id": "40238"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-312"
},
{
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Schoenefeld of University of Bamberg",
"sources": [
{
"db": "BID",
"id": "40238"
}
],
"trust": 0.3
},
"cve": "CVE-2010-0538",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2010-0538",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-43143",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-0538",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-0538",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201005-312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-43143",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43143"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-312"
},
{
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. \nSuccessful exploits will allow an attacker to run arbitrary code in the context of the affected software. Failed exploit attempts may result in denial-of-service conditions. \nThis issue affects the following:\nMac OS X 10.5.8 (and prior versions)\nMac OS X Server 10.5.8 (and prior versions)\nMac OS X 10.6.3 (and prior versions)\nMac OS X Server 10.6.3 (and prior versions). Apple Java used by the Mac operating system cannot properly handle the mediaLibImage object. ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. This fixes some\nvulnerabilities, which can be exploited by malicious people to bypass\ncertain security restrictions, manipulate certain data, disclose\npotentially sensitive information, cause a DoS (Denial of Service),\nor to compromise a user\u0027s system. \n\nFor more information:\nSA34451\nSA37255\nSA39260\n\n1) An error in the handling of mediaLibImage objects can be exploited\nto cause an out-of-bounds memory access and potentially execute\narbitrary code when a user e.g. visits a web page containing a\nspecially crafted Java applet. \n\n2) A signedness error when drawing windows can be exploited to\ncorrupt memory and potentially execute arbitrary code when a user\ne.g. visits a web page containing a specially crafted Java applet. \n\nSOLUTION:\nApply updates. \nhttp://support.apple.com/kb/DL971\n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Marc Schoenefeld, University of Bamberg. \n2) The vendor credits Jonathan Bringhurst of Northrop Grumman, and\nJeffrey Czerniak. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4170\nhttp://support.apple.com/kb/HT4171\n\nOTHER REFERENCES:\nSA34451:\nhttp://secunia.com/advisories/34451/\n\nSA37255:\nhttp://secunia.com/advisories/37255/\n\nSA39260:\nhttp://secunia.com/advisories/39260/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0538"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"db": "BID",
"id": "40238"
},
{
"db": "VULHUB",
"id": "VHN-43143"
},
{
"db": "PACKETSTORM",
"id": "89697"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "40238",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2010-0538",
"trust": 2.8
},
{
"db": "SECUNIA",
"id": "39819",
"trust": 2.6
},
{
"db": "VUPEN",
"id": "ADV-2010-1191",
"trust": 2.5
},
{
"db": "SECTRACK",
"id": "1024011",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201005-312",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2010-05-18-2",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2010-05-18-1",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-43143",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89697",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43143"
},
{
"db": "BID",
"id": "40238"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"db": "PACKETSTORM",
"id": "89697"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-312"
},
{
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"id": "VAR-201005-0870",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-43143"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T21:59:41.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT4170",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4170"
},
{
"title": "HT4171",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4171"
},
{
"title": "HT4170",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4170?viewlocale=ja_JP"
},
{
"title": "HT4171",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT4171?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43143"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/40238"
},
{
"trust": 2.5,
"url": "http://securitytracker.com/id?1024011"
},
{
"trust": 2.5,
"url": "http://secunia.com/advisories/39819"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4170"
},
{
"trust": 1.8,
"url": "http://support.apple.com/kb/ht4171"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0538"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0538"
},
{
"trust": 0.3,
"url": "http://www.apple.com/macosx/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/dl972"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/39819/"
},
{
"trust": 0.1,
"url": "http://support.apple.com/kb/dl971"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/jobs/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/34451/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/39260/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/37255/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-43143"
},
{
"db": "BID",
"id": "40238"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"db": "PACKETSTORM",
"id": "89697"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-312"
},
{
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-43143"
},
{
"db": "BID",
"id": "40238"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"db": "PACKETSTORM",
"id": "89697"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-312"
},
{
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-21T00:00:00",
"db": "VULHUB",
"id": "VHN-43143"
},
{
"date": "2010-05-18T00:00:00",
"db": "BID",
"id": "40238"
},
{
"date": "2010-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"date": "2010-05-19T05:58:57",
"db": "PACKETSTORM",
"id": "89697"
},
{
"date": "2010-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-312"
},
{
"date": "2010-05-21T19:30:01.583000",
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-43143"
},
{
"date": "2010-05-18T00:00:00",
"db": "BID",
"id": "40238"
},
{
"date": "2010-06-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-001504"
},
{
"date": "2010-05-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-312"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-0538"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-312"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple Mac OS X Run on Java Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-001504"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-312"
}
],
"trust": 0.6
}
}
VAR-200906-0281
Vulnerability from variot - Updated: 2025-04-10 23:16The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists in the undocumented apple.laf.CColourUIResource(long, int, int ,int, int) constructor. When passing a long integer value as the first argument, the value is interpreted as pointer to an Objective-C object. By constructing a special memory structure and passing the pointer to the first argument an attacker may execute arbitrary code. Sun Java Runtime Environment (JRE) is prone to a privilege-escalation vulnerability. This issue affects JRE 1.5 running on Mac OS X 10.5. NOTE: This BID is being retied because the vulnerability was previously documented in BID 35381 (Sun Java Runtime Environment Aqua Look and Feel Privilege Escalation Vulnerability). The Aqua Look and Feel interface package implemented by Java does not correctly verify the parameters passed to the apple.laf.CColourUIResource(long, int, int ,int, int) constructor, if a super long integer is passed to the first parameter value, which is interpreted as a pointer to an Objective-C object. ZDI-09-043: Apple Java CColorUIResource Pointer Derference Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-043 June 16, 2009
-- CVE ID: CVE-2009-1719
-- Affected Vendors: Apple
-- Affected Products: Apple Java
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6800.
-- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at:
http://support.apple.com/kb/HT3632
-- Disclosure Timeline: 2009-01-26 - Vulnerability reported to vendor 2009-06-16 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * Anonymous
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200906-0281",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jre 1.5.0 12",
"scope": null,
"trust": 1.8,
"vendor": "sun",
"version": null
},
{
"model": "jre 04",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 11",
"scope": null,
"trust": 1.8,
"vendor": "sun",
"version": null
},
{
"model": "jre 06",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 14",
"scope": null,
"trust": 1.8,
"vendor": "sun",
"version": null
},
{
"model": "jre 02",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 01",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 10",
"scope": null,
"trust": 1.8,
"vendor": "sun",
"version": null
},
{
"model": "jre 05",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 17",
"scope": null,
"trust": 1.8,
"vendor": "sun",
"version": null
},
{
"model": "jre 03",
"scope": "eq",
"trust": 1.8,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0 13",
"scope": null,
"trust": 1.8,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.2,
"vendor": "sun",
"version": "1.5"
},
{
"model": "jre 1.5.0.0 08",
"scope": null,
"trust": 1.2,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0.0 07",
"scope": null,
"trust": 1.2,
"vendor": "sun",
"version": null
},
{
"model": "jre 1.5.0.0 09",
"scope": null,
"trust": 1.2,
"vendor": "sun",
"version": null
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "jre",
"scope": "eq",
"trust": 1.0,
"vendor": "sun",
"version": "1.5.0_11-b03"
},
{
"model": "java",
"scope": null,
"trust": 0.7,
"vendor": "apple",
"version": null
},
{
"model": "jre beta",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5.0"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "jre 07",
"scope": "eq",
"trust": 0.6,
"vendor": "sun",
"version": "1.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "jre 1.5.0 09",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "jre 1.5.0 08",
"scope": null,
"trust": 0.6,
"vendor": "sun",
"version": null
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.6"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.0"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.7"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "10.5.3"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"db": "BID",
"id": "35401"
},
{
"db": "BID",
"id": "35381"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-280"
},
{
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-043"
}
],
"trust": 0.7
},
"cve": "CVE-2009-1719",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2009-1719",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-39165",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-1719",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2009-1719",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-200906-280",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-39165",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39165"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-280"
},
{
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists in the undocumented apple.laf.CColourUIResource(long, int, int ,int, int) constructor. When passing a long integer value as the first argument, the value is interpreted as pointer to an Objective-C object. By constructing a special memory structure and passing the pointer to the first argument an attacker may execute arbitrary code. Sun Java Runtime Environment (JRE) is prone to a privilege-escalation vulnerability. \nThis issue affects JRE 1.5 running on Mac OS X 10.5. \nNOTE: This BID is being retied because the vulnerability was previously documented in BID 35381 (Sun Java Runtime Environment Aqua Look and Feel Privilege Escalation Vulnerability). The Aqua Look and Feel interface package implemented by Java does not correctly verify the parameters passed to the apple.laf.CColourUIResource(long, int, int ,int, int) constructor, if a super long integer is passed to the first parameter value, which is interpreted as a pointer to an Objective-C object. ZDI-09-043: Apple Java CColorUIResource Pointer Derference Code Execution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-09-043\nJune 16, 2009\n\n-- CVE ID:\nCVE-2009-1719\n\n-- Affected Vendors:\nApple\n\n-- Affected Products:\nApple Java\n\n-- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 6800. \n\n-- Vendor Response:\nApple has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://support.apple.com/kb/HT3632\n\n-- Disclosure Timeline:\n2009-01-26 - Vulnerability reported to vendor\n2009-06-16 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n * Anonymous\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-1719"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"db": "BID",
"id": "35401"
},
{
"db": "BID",
"id": "35381"
},
{
"db": "VULHUB",
"id": "VHN-39165"
},
{
"db": "PACKETSTORM",
"id": "78473"
}
],
"trust": 2.97
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-39165",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39165"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-1719",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-09-043",
"trust": 3.1
},
{
"db": "BID",
"id": "35381",
"trust": 2.8
},
{
"db": "BID",
"id": "35401",
"trust": 2.0
},
{
"db": "XF",
"id": "51185",
"trust": 1.4
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-416",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20090616 ZDI-09-043: APPLE JAVA CCOLORUIRESOURCE POINTER DERFERENCE CODE EXECUTION VULNERABILITY",
"trust": 0.6
},
{
"db": "APPLE",
"id": "APPLE-SA-2009-06-15-1",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200906-280",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "78473",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-39165",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"db": "VULHUB",
"id": "VHN-39165"
},
{
"db": "BID",
"id": "35401"
},
{
"db": "BID",
"id": "35381"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"db": "PACKETSTORM",
"id": "78473"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-280"
},
{
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"id": "VAR-200906-0281",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39165"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T23:16:27.017000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3632",
"trust": 1.5,
"url": "http://support.apple.com/kb/HT3632"
},
{
"title": "HT3632",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3632?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39165"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://support.apple.com/kb/ht3632"
},
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/35381"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-043"
},
{
"trust": 1.7,
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00003.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/35401"
},
{
"trust": 1.4,
"url": "http://xforce.iss.net/xforce/xfdb/51185"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/504364/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51185"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1719"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1719"
},
{
"trust": 0.6,
"url": "http://www.zerodayinitiative.com/advisories/zdi-09-043/"
},
{
"trust": 0.6,
"url": "http://software.cisco.com/download/navigator.html?mdfid=283613663"
},
{
"trust": 0.6,
"url": "http://java.sun.com/index.jsp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/504364/100/0/threaded"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-1719"
},
{
"trust": 0.1,
"url": "http://www.tippingpoint.com"
},
{
"trust": 0.1,
"url": "http://www.zerodayinitiative.com"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"db": "VULHUB",
"id": "VHN-39165"
},
{
"db": "BID",
"id": "35401"
},
{
"db": "BID",
"id": "35381"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"db": "PACKETSTORM",
"id": "78473"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-280"
},
{
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"db": "VULHUB",
"id": "VHN-39165"
},
{
"db": "BID",
"id": "35401"
},
{
"db": "BID",
"id": "35381"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"db": "PACKETSTORM",
"id": "78473"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-280"
},
{
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-16T00:00:00",
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"date": "2009-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-39165"
},
{
"date": "2009-06-16T00:00:00",
"db": "BID",
"id": "35401"
},
{
"date": "2009-06-15T00:00:00",
"db": "BID",
"id": "35381"
},
{
"date": "2009-07-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"date": "2009-06-17T00:52:13",
"db": "PACKETSTORM",
"id": "78473"
},
{
"date": "2009-06-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-280"
},
{
"date": "2009-06-16T23:30:00.233000",
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-06-16T00:00:00",
"db": "ZDI",
"id": "ZDI-09-043"
},
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-39165"
},
{
"date": "2009-06-16T20:09:00",
"db": "BID",
"id": "35401"
},
{
"date": "2009-06-16T20:09:00",
"db": "BID",
"id": "35381"
},
{
"date": "2009-07-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-001831"
},
{
"date": "2009-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200906-280"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-1719"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "78473"
},
{
"db": "CNNVD",
"id": "CNNVD-200906-280"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac OS X Running on Java Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-001831"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "35401"
},
{
"db": "BID",
"id": "35381"
}
],
"trust": 0.6
}
}
VAR-200909-0309
Vulnerability from variot - Updated: 2025-04-10 22:35Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Java 1.4 is prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200909-0309",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "10.5.7"
},
{
"model": "java 1.6",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "0"
},
{
"model": "java 1.4",
"scope": "eq",
"trust": 1.6,
"vendor": "apple",
"version": "2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "java 1.5",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.6"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.2"
},
{
"model": "java 1.4",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "2"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.6"
},
{
"model": "java 1.6",
"scope": "lte",
"trust": 1.0,
"vendor": "apple",
"version": "0"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.5"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.1"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.0"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.3"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.5.4"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "mac os x server",
"scope": "eq",
"trust": 0.8,
"vendor": "apple",
"version": "v10.5.8"
},
{
"model": "java 1.5",
"scope": "eq",
"trust": 0.6,
"vendor": "apple",
"version": "0"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.5019"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.6"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.3"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.6013"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.5"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "java",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "1.4221"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.4"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.7"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.2"
},
{
"model": "mac os",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.22008-002"
},
{
"model": "mac os server",
"scope": "eq",
"trust": 0.3,
"vendor": "apple",
"version": "x10.5.1"
}
],
"sources": [
{
"db": "BID",
"id": "79457"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-151"
},
{
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:apple:mac_os_x",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:mac_os_x_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "79457"
}
],
"trust": 0.3
},
"cve": "CVE-2009-2205",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2009-2205",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-39651",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2009-2205",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2009-2205",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200909-151",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-39651",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39651"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-151"
},
{
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. Java 1.4 is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2205"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"db": "BID",
"id": "79457"
},
{
"db": "VULHUB",
"id": "VHN-39651"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2205",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1022820",
"trust": 2.8
},
{
"db": "VUPEN",
"id": "ADV-2009-2543",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200909-151",
"trust": 0.7
},
{
"db": "APPLE",
"id": "APPLE-SA-2009-09-03-1",
"trust": 0.6
},
{
"db": "BID",
"id": "79457",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-39651",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39651"
},
{
"db": "BID",
"id": "79457"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-151"
},
{
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"id": "VAR-200909-0309",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-39651"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-10T22:35:01.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT3851",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3851"
},
{
"title": "HT3851",
"trust": 0.8,
"url": "http://support.apple.com/kb/HT3851?viewlocale=ja_JP"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39651"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://securitytracker.com/id?1022820"
},
{
"trust": 2.5,
"url": "http://www.vupen.com/english/advisories/2009/2543"
},
{
"trust": 2.0,
"url": "http://lists.apple.com/archives/security-announce/2009/sep/msg00000.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2205"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2205"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-39651"
},
{
"db": "BID",
"id": "79457"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-151"
},
{
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-39651"
},
{
"db": "BID",
"id": "79457"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"db": "CNNVD",
"id": "CNNVD-200909-151"
},
{
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-09T00:00:00",
"db": "VULHUB",
"id": "VHN-39651"
},
{
"date": "2009-09-09T00:00:00",
"db": "BID",
"id": "79457"
},
{
"date": "2009-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"date": "2009-09-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-151"
},
{
"date": "2009-09-09T22:30:00.217000",
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-39651"
},
{
"date": "2009-09-09T00:00:00",
"db": "BID",
"id": "79457"
},
{
"date": "2009-10-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002084"
},
{
"date": "2009-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200909-151"
},
{
"date": "2025-04-09T00:30:58.490000",
"db": "NVD",
"id": "CVE-2009-2205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-151"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mac OS X for Java of Java Web Start Command launcher buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002084"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200909-151"
}
],
"trust": 0.6
}
}
CVE-2010-0538 (GCVE-0-2010-0538)
Vulnerability from nvd – Published: 2010-05-21 19:00 – Updated: 2024-09-16 23:25
VLAI?
Summary
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2010-05-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "39819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39819"
},
{
"name": "APPLE-SA-2010-05-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "1024011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024011"
},
{
"name": "40238",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "ADV-2010-1191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T19:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2010-05-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "39819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39819"
},
{
"name": "APPLE-SA-2010-05-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "1024011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024011"
},
{
"name": "40238",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "ADV-2010-1191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-05-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "39819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39819"
},
{
"name": "APPLE-SA-2010-05-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "1024011",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024011"
},
{
"name": "40238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40238"
},
{
"name": "http://support.apple.com/kb/HT4170",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4170"
},
{
"name": "http://support.apple.com/kb/HT4171",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "ADV-2010-1191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-0538",
"datePublished": "2010-05-21T19:00:00Z",
"dateReserved": "2010-02-03T00:00:00Z",
"dateUpdated": "2024-09-16T23:25:44.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0538 (GCVE-0-2010-0538)
Vulnerability from cvelistv5 – Published: 2010-05-21 19:00 – Updated: 2024-09-16 23:25
VLAI?
Summary
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.405Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2010-05-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "39819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39819"
},
{
"name": "APPLE-SA-2010-05-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "1024011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1024011"
},
{
"name": "40238",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4170"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "ADV-2010-1191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-21T19:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2010-05-18-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "39819",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39819"
},
{
"name": "APPLE-SA-2010-05-18-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "1024011",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1024011"
},
{
"name": "40238",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4170"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "ADV-2010-1191",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2010-0538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-05-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "39819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39819"
},
{
"name": "APPLE-SA-2010-05-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
},
{
"name": "1024011",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1024011"
},
{
"name": "40238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40238"
},
{
"name": "http://support.apple.com/kb/HT4170",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4170"
},
{
"name": "http://support.apple.com/kb/HT4171",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "ADV-2010-1191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1191"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2010-0538",
"datePublished": "2010-05-21T19:00:00Z",
"dateReserved": "2010-02-03T00:00:00Z",
"dateUpdated": "2024-09-16T23:25:44.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}