cvelistv5 - cve-2010-0539

CVE-2010-0539 (GCVE-0-2010-0539)

Vulnerability from cvelistv5

Published

2010-05-21 19:00

Modified

2024-09-16 19:10

Severity ?

CWE

Summary

References

URL

Tags

product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	Patch, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	Patch, Vendor Advisory
product-security@apple.com	http://secunia.com/advisories/39819	Vendor Advisory
product-security@apple.com	http://securitytracker.com/id?1024012
product-security@apple.com	http://support.apple.com/kb/HT4170	Patch, Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4171	Patch, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/40240	Patch
product-security@apple.com	http://www.vupen.com/english/advisories/2010/1191	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39819	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024012
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4170	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4171	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40240	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1191	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:52:19.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2010-05-18-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
          },
          {
            "name": "39819",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39819"
          },
          {
            "name": "APPLE-SA-2010-05-18-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4170"
          },
          {
            "name": "40240",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40240"
          },
          {
            "name": "1024012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1024012"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4171"
          },
          {
            "name": "ADV-2010-1191",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1191"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-21T19:00:00Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "name": "APPLE-SA-2010-05-18-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
        },
        {
          "name": "39819",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39819"
        },
        {
          "name": "APPLE-SA-2010-05-18-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4170"
        },
        {
          "name": "40240",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40240"
        },
        {
          "name": "1024012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1024012"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4171"
        },
        {
          "name": "ADV-2010-1191",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1191"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0539",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2010-05-18-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
            },
            {
              "name": "39819",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39819"
            },
            {
              "name": "APPLE-SA-2010-05-18-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4170",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4170"
            },
            {
              "name": "40240",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40240"
            },
            {
              "name": "1024012",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1024012"
            },
            {
              "name": "http://support.apple.com/kb/HT4171",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4171"
            },
            {
              "name": "ADV-2010-1191",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1191"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2010-0539",
    "datePublished": "2010-05-21T19:00:00Z",
    "dateReserved": "2010-02-03T00:00:00Z",
    "dateUpdated": "2024-09-16T19:10:47.810Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0539\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2010-05-21T19:30:01.647\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.\"},{\"lang\":\"es\",\"value\":\"Error de presencia de signo en entero en la implementaci\u00f3n de la visualizaci\u00f3n de la ventana en Apple Java para Mac OS X 10.5 en versiones anteriores al Update 7 y Java para Mac OS X 10.6 en versiones anteriores al Update 2. Permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un applet modificado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:java_1.5:0:23:*:*:*:*:*:*\",\"matchCriteriaId\":\"49D61854-E1F1-4936-ACBF-674636429BF4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2442D35-7484-43D8-9077-3FDF63104816\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC90AA12-DD17-4607-90CB-E342E83F20BB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F3E721C-00CA-4D51-B542-F2BC5C0D65BF\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3267A41-1AE0-48B8-BD1F-DEC8A212851A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"855288F1-0242-4951-AB3F-B7AF13E21CF6\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10082781-B93E-4B84-94F2-FA9749B4D92B\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE1EBF04-C440-4A6B-93F2-DC3A812728C2\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFB077A2-927B-43AF-BFD5-0E78648C9394\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apple:java_1.6:0:17:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D2AB9C6-DC9C-460C-ADAD-E47A73838D44\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFB40DFD-621D-4069-93E2-9EE32411082F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C69DEE9-3FA5-408E-AD27-F5E7043F852A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D25D1FD3-C291-492C-83A7-0AFAFAADC98D\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39819\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024012\",\"source\":\"product-security@apple.com\"},{\"url\":\"http://support.apple.com/kb/HT4170\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4171\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/40240\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1191\",\"source\":\"product-security@apple.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/39819\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1024012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://support.apple.com/kb/HT4170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4171\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/40240\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

ghsa-4g9j-m5r7-mvh4

Vulnerability from github

Published

2022-05-02 06:13

Modified

2022-05-02 06:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2010-0539"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2010-05-21T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.",
  "id": "GHSA-4g9j-m5r7-mvh4",
  "modified": "2022-05-02T06:13:30Z",
  "published": "2022-05-02T06:13:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2010-0539"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/39819"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1024012"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4170"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT4171"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/40240"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1191"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2010-0539

Vulnerability from fkie_nvd

Published

2010-05-21 19:30

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	Patch, Vendor Advisory
product-security@apple.com	http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	Patch, Vendor Advisory
product-security@apple.com	http://secunia.com/advisories/39819	Vendor Advisory
product-security@apple.com	http://securitytracker.com/id?1024012
product-security@apple.com	http://support.apple.com/kb/HT4170	Patch, Vendor Advisory
product-security@apple.com	http://support.apple.com/kb/HT4171	Patch, Vendor Advisory
product-security@apple.com	http://www.securityfocus.com/bid/40240	Patch
product-security@apple.com	http://www.vupen.com/english/advisories/2010/1191	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//May/msg00001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//May/msg00002.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39819	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1024012
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4170	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4171	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/40240	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1191	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
apple	java_1.5	0
apple	mac_os_x	10.5
apple	mac_os_x	10.5.0
apple	mac_os_x	10.5.1
apple	mac_os_x	10.5.2
apple	mac_os_x	10.5.3
apple	mac_os_x	10.5.4
apple	mac_os_x	10.5.5
apple	mac_os_x	10.5.6
apple	java_1.6	0
apple	mac_os_x	10.6
apple	mac_os_x	10.6.0
apple	mac_os_x	10.6.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:java_1.5:0:23:*:*:*:*:*:*",
              "matchCriteriaId": "49D61854-E1F1-4936-ACBF-674636429BF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2442D35-7484-43D8-9077-3FDF63104816",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC90AA12-DD17-4607-90CB-E342E83F20BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F3E721C-00CA-4D51-B542-F2BC5C0D65BF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3267A41-1AE0-48B8-BD1F-DEC8A212851A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "855288F1-0242-4951-AB3F-B7AF13E21CF6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "10082781-B93E-4B84-94F2-FA9749B4D92B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1EBF04-C440-4A6B-93F2-DC3A812728C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFB077A2-927B-43AF-BFD5-0E78648C9394",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:java_1.6:0:17:*:*:*:*:*:*",
              "matchCriteriaId": "4D2AB9C6-DC9C-460C-ADAD-E47A73838D44",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB40DFD-621D-4069-93E2-9EE32411082F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C69DEE9-3FA5-408E-AD27-F5E7043F852A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D25D1FD3-C291-492C-83A7-0AFAFAADC98D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet."
    },
    {
      "lang": "es",
      "value": "Error de presencia de signo en entero en la implementaci\u00f3n de la visualizaci\u00f3n de la ventana en Apple Java para Mac OS X 10.5 en versiones anteriores al Update 7 y Java para Mac OS X 10.6 en versiones anteriores al Update 2. Permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) a trav\u00e9s de un applet modificado."
    }
  ],
  "id": "CVE-2010-0539",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-05-21T19:30:01.647",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39819"
    },
    {
      "source": "product-security@apple.com",
      "url": "http://securitytracker.com/id?1024012"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4170"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4171"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40240"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39819"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1024012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.apple.com/kb/HT4171"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/40240"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1191"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2010-0539

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2010-0539

Aliases

CVE-2010-0539

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2010-0539",
    "description": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.",
    "id": "GSD-2010-0539"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2010-0539"
      ],
      "details": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.",
      "id": "GSD-2010-0539",
      "modified": "2023-12-13T01:21:29.514190Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2010-0539",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2010-05-18-1",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
          },
          {
            "name": "39819",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/39819"
          },
          {
            "name": "APPLE-SA-2010-05-18-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
          },
          {
            "name": "http://support.apple.com/kb/HT4170",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4170"
          },
          {
            "name": "40240",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/40240"
          },
          {
            "name": "1024012",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1024012"
          },
          {
            "name": "http://support.apple.com/kb/HT4171",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT4171"
          },
          {
            "name": "ADV-2010-1191",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2010/1191"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:java_1.5:0:23:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:apple:java_1.6:0:17:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.6.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2010-0539"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2010-1191",
              "refsource": "VUPEN",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/1191"
            },
            {
              "name": "http://support.apple.com/kb/HT4170",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4170"
            },
            {
              "name": "39819",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/39819"
            },
            {
              "name": "APPLE-SA-2010-05-18-2",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"
            },
            {
              "name": "http://support.apple.com/kb/HT4171",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://support.apple.com/kb/HT4171"
            },
            {
              "name": "APPLE-SA-2010-05-18-1",
              "refsource": "APPLE",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
            },
            {
              "name": "40240",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/40240"
            },
            {
              "name": "1024012",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1024012"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2010-05-24T04:00Z",
      "publishedDate": "2010-05-21T19:30Z"
    }
  }
}

Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. Successful exploits will allow an attacker to run arbitrary code in the context of the affected software. Failed exploit attempts may result in denial-of-service conditions. This issue affects the following: Mac OS X 10.5.8 (and prior versions) Mac OS X Server 10.5.8 (and prior versions) Mac OS X 10.6.3 (and prior versions) Mac OS X Server 10.6.3 (and prior versions). ----------------------------------------------------------------------

Looking for a job?

Secunia is hiring skilled researchers and talented developers. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or to compromise a user's system.

For more information: SA34451 SA37255 SA39260

1) An error in the handling of mediaLibImage objects can be exploited to cause an out-of-bounds memory access and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet.

2) A signedness error when drawing windows can be exploited to corrupt memory and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet.

SOLUTION: Apply updates. http://support.apple.com/kb/DL971

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Marc Schoenefeld, University of Bamberg. 2) The vendor credits Jonathan Bringhurst of Northrop Grumman, and Jeffrey Czerniak.

ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171

OTHER REFERENCES: SA34451: http://secunia.com/advisories/34451/

SA37255: http://secunia.com/advisories/37255/

SA39260: http://secunia.com/advisories/39260/

About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201005-0874",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "java 1.6",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "java 1.5",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apple",
        "version": "0"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.3"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "40240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:apple:mac_os_x_server",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan Bringhurst of Northrop Grumman, Jeffrey Czerniak",
    "sources": [
      {
        "db": "BID",
        "id": "40240"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-0539",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-0539",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-43144",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-0539",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-0539",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201005-313",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-43144",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet. \nSuccessful exploits will allow an attacker to run arbitrary code in the context of the affected software. Failed exploit attempts may result in denial-of-service conditions. \nThis issue affects the following:\nMac OS X 10.5.8 (and prior versions)\nMac OS X Server 10.5.8 (and prior versions)\nMac OS X 10.6.3 (and prior versions)\nMac OS X Server 10.6.3 (and prior versions). ----------------------------------------------------------------------\n\n\nLooking for a job?\n\n\nSecunia is hiring skilled researchers and talented developers. This fixes some\nvulnerabilities, which can be exploited by malicious people to bypass\ncertain security restrictions, manipulate certain data, disclose\npotentially sensitive information, cause a DoS (Denial of Service),\nor to compromise a user\u0027s system. \n\nFor more information:\nSA34451\nSA37255\nSA39260\n\n1) An error in the handling of mediaLibImage objects can be exploited\nto cause an out-of-bounds memory access and potentially execute\narbitrary code when a user e.g. visits a web page containing a\nspecially crafted Java applet. \n\n2) A signedness error when drawing windows can be exploited to\ncorrupt memory and potentially execute arbitrary code when a user\ne.g. visits a web page containing a specially crafted Java applet. \n\nSOLUTION:\nApply updates. \nhttp://support.apple.com/kb/DL971\n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Marc Schoenefeld, University of Bamberg. \n2) The vendor credits Jonathan Bringhurst of Northrop Grumman, and\nJeffrey Czerniak. \n\nORIGINAL ADVISORY:\nApple:\nhttp://support.apple.com/kb/HT4170\nhttp://support.apple.com/kb/HT4171\n\nOTHER REFERENCES:\nSA34451:\nhttp://secunia.com/advisories/34451/\n\nSA37255:\nhttp://secunia.com/advisories/37255/\n\nSA39260:\nhttp://secunia.com/advisories/39260/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-0539"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "db": "BID",
        "id": "40240"
      },
      {
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "db": "PACKETSTORM",
        "id": "89697"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "40240",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0539",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "39819",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1024012",
        "trust": 2.5
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1191",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313",
        "trust": 0.7
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-05-18-2",
        "trust": 0.6
      },
      {
        "db": "APPLE",
        "id": "APPLE-SA-2010-05-18-1",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-43144",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "89697",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "db": "BID",
        "id": "40240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "db": "PACKETSTORM",
        "id": "89697"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "id": "VAR-201005-0874",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43144"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:40:06.562000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT4170",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4170"
      },
      {
        "title": "HT4171",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4171"
      },
      {
        "title": "HT4170",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4170?viewlocale=ja_JP"
      },
      {
        "title": "HT4171",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/HT4171?viewlocale=ja_JP"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/40240"
      },
      {
        "trust": 2.5,
        "url": "http://securitytracker.com/id?1024012"
      },
      {
        "trust": 2.5,
        "url": "http://secunia.com/advisories/39819"
      },
      {
        "trust": 2.5,
        "url": "http://www.vupen.com/english/advisories/2010/1191"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht4170"
      },
      {
        "trust": 1.8,
        "url": "http://support.apple.com/kb/ht4171"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2010//may/msg00002.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0539"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0539"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com/macosx/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/dl972"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39819/"
      },
      {
        "trust": 0.1,
        "url": "http://support.apple.com/kb/dl971"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/company/jobs/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/34451/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/39260/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/37255/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "db": "BID",
        "id": "40240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "db": "PACKETSTORM",
        "id": "89697"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "db": "BID",
        "id": "40240"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "db": "PACKETSTORM",
        "id": "89697"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-05-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "date": "2010-05-18T00:00:00",
        "db": "BID",
        "id": "40240"
      },
      {
        "date": "2010-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "date": "2010-05-19T05:58:57",
        "db": "PACKETSTORM",
        "id": "89697"
      },
      {
        "date": "2010-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      },
      {
        "date": "2010-05-21T19:30:01.647000",
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-05-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-43144"
      },
      {
        "date": "2010-05-18T00:00:00",
        "db": "BID",
        "id": "40240"
      },
      {
        "date": "2010-06-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      },
      {
        "date": "2010-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      },
      {
        "date": "2024-11-21T01:12:24.370000",
        "db": "NVD",
        "id": "CVE-2010-0539"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Java of  window drawing An arbitrary code execution vulnerability in the implementation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-001505"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201005-313"
      }
    ],
    "trust": 0.6
  }
}

CERTA-2010-AVI-217

Vulnerability from certfr_avis

De multiples vulnérabilités dans la machine virtuelle Java permettent à un individu malveillant d'exécuter du code arbitraire à distance.

Description

De multiples vulnérabilités permettent à un individu malveillant d'exécuter du code arbitraire à distance. Ces vulnérabilités affectent la machine virtuelle Java du système. La visite d'une page Web compromise ou malveillante permet d'exécuter du code arbitraire sur un système vulnérable.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X version 10.5.
	N/A	N/A	Mac OS X version 10.6 ;

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2010-0539 (GCVE-0-2010-0539)

Vulnerability from cvelistv5

ghsa-4g9j-m5r7-mvh4

Vulnerability from github

fkie_cve-2010-0539

Vulnerability from fkie_nvd

gsd-2010-0539

Vulnerability from gsd

var-201005-0874

Vulnerability from variot

CERTA-2010-AVI-217

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature