Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)

Medium Nessus Plugin ID 17195

Synopsis

The remote host is missing a Mac OS X update that fixes a security issue.

Description

The remote host is missing Security Update 2005-002. This security update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability.

Solution

Install Security Update 2005-002.

See Also

http://support.apple.com/kb/TA22931

Plugin Details

Severity: Medium

ID: 17195

File Name: macosx_SecUpd2005-002.nasl

Version: 1.16

Type: local

Agent: macosx

Published: 2005/02/22

Updated: 2018/07/14

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2004/11/22

Vulnerability Publication Date: 2004/11/22

Reference Information

CVE: CVE-2004-1029

BID: 11726

CWE: 264