The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.
CPE | Name | Operator | Version |
---|---|---|---|
jre | eq | 1.5.0 update2 | |
jre | eq | 1.5.0 update13 | |
jre | eq | 1.5.0 update12 | |
jre | eq | 1.5.0 update8 | |
jre | eq | 1.5.0 update16 | |
jre | eq | 1.5.0 update11 | |
jre | eq | 1.5.0 update15 | |
jre | eq | 1.5.0 update7 | |
jre | eq | 1.5.0 update3 | |
jre | eq | 1.5.0 update5 |
lists.apple.com/archives/security-announce/2009/Jun/msg00003.html
support.apple.com/kb/HT3632
www.securityfocus.com/archive/1/504364/100/0/threaded
www.securityfocus.com/bid/35381
www.securityfocus.com/bid/35401
www.zerodayinitiative.com/advisories/ZDI-09-043
exchange.xforce.ibmcloud.com/vulnerabilities/51185