Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)

Medium Nessus Plugin ID 17195


The remote host is missing a Mac OS X update that fixes a security issue.


The remote host is missing Security Update 2005-002. This security update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability.


Install Security Update 2005-002.

See Also

Plugin Details

Severity: Medium

ID: 17195

File Name: macosx_SecUpd2005-002.nasl

Version: $Revision: 1.15 $

Type: local

Agent: macosx

Published: 2005/02/22

Modified: 2011/08/08

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2004/11/22

Vulnerability Publication Date: 2004/11/22

Reference Information

CVE: CVE-2004-1029

BID: 11726

OSVDB: 12095

CWE: 264