Vulnerabilities > CVE-2010-0539 - Numeric Errors vulnerability in Apple Java 1.5 and Java 1.6
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 | |
| OS | 11 |
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_5_UPDATE7.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.5 that is missing Update 7. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user. last seen 2020-03-18 modified 2010-05-19 plugin id 46673 published 2010-05-19 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46673 title Mac OS X : Java for Mac OS X 10.5 Update 7 NASL family MacOS X Local Security Checks NASL id MACOSX_JAVA_10_6_UPDATE2.NASL description The remote Mac OS X host is running a version of Java for Mac OS X 10.6 that is missing Update 2. The remote version of this software contains several security vulnerabilities, including some that may allow untrusted Java applets to obtain elevated privileges and lead to execution of arbitrary code with the privileges of the current user. last seen 2020-03-18 modified 2010-05-19 plugin id 46674 published 2010-05-19 reporter This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46674 title Mac OS X : Java for Mac OS X 10.6 Update 2
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 40240 CVE ID: CVE-2010-0539 Mac OS X是苹果家族机器所使用的操作系统。 Mac OS X在处理窗口绘图时存在符号错误,用户受骗访问了包含有不可信任的Java Applet的恶意网页就可能导致拒绝服务或执行任意代码。 Apple Mac OS X 10.6 Apple Mac OS X 10.5 Apple MacOS X Server 10.6 Apple MacOS X Server 10.5 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.apple.com/support/downloads/ |
| id | SSV:19650 |
| last seen | 2017-11-19 |
| modified | 2010-05-20 |
| published | 2010-05-20 |
| reporter | Root |
| title | Mac OS X Java窗口绘图处理远程代码执行漏洞 |
References
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
- http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
- http://secunia.com/advisories/39819
- http://securitytracker.com/id?1024012
- http://support.apple.com/kb/HT4170
- http://support.apple.com/kb/HT4171
- http://www.securityfocus.com/bid/40240
- http://www.vupen.com/english/advisories/2010/1191