Sign-up

ID

VAR-201005-0870


CVE

CVE-2010-0538


TITLE

Apple Mac OS X Run on Java Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-001504

DESCRIPTION

Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package. Successful exploits will allow an attacker to run arbitrary code in the context of the affected software. Failed exploit attempts may result in denial-of-service conditions. This issue affects the following: Mac OS X 10.5.8 (and prior versions) Mac OS X Server 10.5.8 (and prior versions) Mac OS X 10.6.3 (and prior versions) Mac OS X Server 10.6.3 (and prior versions). Apple Java used by the Mac operating system cannot properly handle the mediaLibImage object. ---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, disclose potentially sensitive information, cause a DoS (Denial of Service), or to compromise a user's system. For more information: SA34451 SA37255 SA39260 1) An error in the handling of mediaLibImage objects can be exploited to cause an out-of-bounds memory access and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet. 2) A signedness error when drawing windows can be exploited to corrupt memory and potentially execute arbitrary code when a user e.g. visits a web page containing a specially crafted Java applet. SOLUTION: Apply updates. http://support.apple.com/kb/DL971 PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Marc Schoenefeld, University of Bamberg. 2) The vendor credits Jonathan Bringhurst of Northrop Grumman, and Jeffrey Czerniak. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT4170 http://support.apple.com/kb/HT4171 OTHER REFERENCES: SA34451: http://secunia.com/advisories/34451/ SA37255: http://secunia.com/advisories/37255/ SA39260: http://secunia.com/advisories/39260/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-0538 // JVNDB: JVNDB-2010-001504 // BID: 40238 // VULHUB: VHN-43143 // PACKETSTORM: 89697

AFFECTED PRODUCTS

vendor:applemodel:javascope:eqversion:*

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os xscope:eqversion:v10.6.3

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.5.8

Trust: 0.8

vendor:applemodel:mac os x serverscope:eqversion:v10.6.3

Trust: 0.8

vendor:applemodel:javascope: - version: -

Trust: 0.6

vendor:applemodel:mac os serverscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.8

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.7

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.5

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.4

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.3

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.6

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.5

Trust: 0.3

sources: BID: 40238 // JVNDB: JVNDB-2010-001504 // CNNVD: CNNVD-201005-312 // NVD: CVE-2010-0538

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-0538
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-0538
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201005-312
value: MEDIUM

Trust: 0.6

VULHUB: VHN-43143
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-0538
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-43143
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-43143 // JVNDB: JVNDB-2010-001504 // CNNVD: CNNVD-201005-312 // NVD: CVE-2010-0538

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-43143 // JVNDB: JVNDB-2010-001504 // NVD: CVE-2010-0538

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201005-312

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201005-312

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-001504

PATCH
title:HT4170url:http://support.apple.com/kb/HT4170
Trust: 0.8
title:HT4171url:http://support.apple.com/kb/HT4171
Trust: 0.8
title:HT4170url:http://support.apple.com/kb/HT4170?viewlocale=ja_JP
Trust: 0.8
title:HT4171url:http://support.apple.com/kb/HT4171?viewlocale=ja_JP
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-001504

EXTERNAL IDS
db:BIDid:40238
Trust: 2.8
db:NVDid:CVE-2010-0538
Trust: 2.8
db:SECUNIAid:39819
Trust: 2.6
db:VUPENid:ADV-2010-1191
Trust: 2.5
db:SECTRACKid:1024011
Trust: 2.5
db:JVNDBid:JVNDB-2010-001504
Trust: 0.8
db:CNNVDid:CNNVD-201005-312
Trust: 0.7
db:APPLEid:APPLE-SA-2010-05-18-2
Trust: 0.6
db:APPLEid:APPLE-SA-2010-05-18-1
Trust: 0.6
db:VULHUBid:VHN-43143
Trust: 0.1
db:PACKETSTORMid:89697
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43143 // 
            
            
            
            BID: 40238 // 
            
            
            
            JVNDB: JVNDB-2010-001504 // 
            
            
            
            PACKETSTORM: 89697 // 
            
            
            
            CNNVD: CNNVD-201005-312 // 
            
            
            
            NVD: CVE-2010-0538

REFERENCES
url:http://www.securityfocus.com/bid/40238
Trust: 2.5
url:http://securitytracker.com/id?1024011
Trust: 2.5
url:http://secunia.com/advisories/39819
Trust: 2.5
url:http://www.vupen.com/english/advisories/2010/1191
Trust: 2.5
url:http://support.apple.com/kb/ht4170
Trust: 1.8
url:http://support.apple.com/kb/ht4171
Trust: 1.8
url:http://lists.apple.com/archives/security-announce/2010//may/msg00001.html
Trust: 1.7
url:http://lists.apple.com/archives/security-announce/2010//may/msg00002.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0538
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0538
Trust: 0.8
url:http://www.apple.com/macosx/
Trust: 0.3
url:http://support.apple.com/kb/dl972
Trust: 0.1
url:http://secunia.com/advisories/39819/
Trust: 0.1
url:http://support.apple.com/kb/dl971
Trust: 0.1
url:http://secunia.com/company/jobs/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/34451/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/39260/
Trust: 0.1
url:http://secunia.com/advisories/37255/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-43143 // 
            
            
            
            BID: 40238 // 
            
            
            
            JVNDB: JVNDB-2010-001504 // 
            
            
            
            PACKETSTORM: 89697 // 
            
            
            
            CNNVD: CNNVD-201005-312 // 
            
            
            
            NVD: CVE-2010-0538

CREDITS
Marc Schoenefeld of University of Bamberg
Trust: 0.3
sources:
            
            
            BID: 40238

SOURCES
db:VULHUBid:VHN-43143
db:BIDid:40238
db:JVNDBid:JVNDB-2010-001504
db:PACKETSTORMid:89697
db:CNNVDid:CNNVD-201005-312
db:NVDid:CVE-2010-0538

LAST UPDATE DATE
2025-04-11T21:59:41.079000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-43143date:2010-05-24T00:00:00
db:BIDid:40238date:2010-05-18T00:00:00
db:JVNDBid:JVNDB-2010-001504date:2010-06-07T00:00:00
db:CNNVDid:CNNVD-201005-312date:2010-05-25T00:00:00
db:NVDid:CVE-2010-0538date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-43143date:2010-05-21T00:00:00
db:BIDid:40238date:2010-05-18T00:00:00
db:JVNDBid:JVNDB-2010-001504date:2010-06-07T00:00:00
db:PACKETSTORMid:89697date:2010-05-19T05:58:57
db:CNNVDid:CNNVD-201005-312date:2010-05-25T00:00:00
db:NVDid:CVE-2010-0538date:2010-05-21T19:30:01.583