Mac OS X : Java for Mac OS X 10.5 Update 2

high Nessus Plugin ID 34290

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

The remote Mac OS X 10.5 host is running a version of Java for Mac OS X that is missing update 2.

The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to execute arbitrary code on the remote host.

To exploit these flaws, an attacker would need to lure an attacker into executing a rogue Java applet.

Solution

Upgrade to Java for Mac OS X 10.5 update 2

See Also

http://support.apple.com/kb/HT3179

http://lists.apple.com/archives/security-announce/2008/Sep/msg00007.html

Plugin Details

Severity: High

ID: 34290

File Name: macosx_java_10_5_update2.nasl

Version: 1.20

Type: local

Agent: macosx

Published: 9/25/2008

Updated: 11/27/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2008-3113

Vulnerability Information

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/24/2008

Exploitable With

CANVAS (D2ExploitPack)

Reference Information

CVE: CVE-2008-1185, CVE-2008-1186, CVE-2008-1187, CVE-2008-1188, CVE-2008-1189, CVE-2008-1190, CVE-2008-1191, CVE-2008-1192, CVE-2008-1193, CVE-2008-1194, CVE-2008-1195, CVE-2008-1196, CVE-2008-3103, CVE-2008-3104, CVE-2008-3105, CVE-2008-3106, CVE-2008-3107, CVE-2008-3108, CVE-2008-3109, CVE-2008-3110, CVE-2008-3111, CVE-2008-3112, CVE-2008-3113, CVE-2008-3114, CVE-2008-3115, CVE-2008-3637, CVE-2008-3638

BID: 28125, 30144, 30146, 31379, 31380

CWE: 264