Security Database IT Watching - Alert Detail

INFORMATION

Name	:	CVE-2008-3638	First Publication	:	2008-09-26
Severity	:	Critical	Last Modification	:	2008-09-29

SCORING CVSS v2

Cvss Base Score	:	9.3	Attack Range	:	Network
Cvss Impact Score	:	10	Attack Complexity	:	Medium
Cvss Expoit Score	:	8.6	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

CWE COMMON WEAKNESS ENUMERATION

Weakness : CWE-94 - Failure to Control Generation of Code ('Code Injection') (From NVD)

CPE COMMON PLATFORM ENUMERATION (from NVD)

Os : Apple Mac os x (2)
- cpe:/o:apple:mac_os_x:10.5.4
- cpe:/o:apple:mac_os_x:10.5.5
Os : Apple Mac os x server (2)
- cpe:/o:apple:mac_os_x_server:10.5.4
- cpe:/o:apple:mac_os_x_server:10.5.5

OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

49092 : Java on Apple Mac OS X Applet file:// URL Arbitrary Program Execution.

SECONDARY(S) SOURCE(S)

Source : APPLE
Url : http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html

Source : BID
Url : http://www.securityfocus.com/bid/31380

Source : CONFIRM
Url : http://support.apple.com/kb/HT3179

Source : SECUNIA
Url : http://secunia.com/advisories/32018