7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.206 Low
EPSS
Percentile
96.4%
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.
lists.apple.com/archives/security-announce/2009/Jun/msg00003.html
support.apple.com/kb/HT3632
www.securityfocus.com/archive/1/504364/100/0/threaded
www.securityfocus.com/bid/35381
www.securityfocus.com/bid/35401
www.zerodayinitiative.com/advisories/ZDI-09-043
exchange.xforce.ibmcloud.com/vulnerabilities/51185