CVE-2008-3638Code Injection in Apple MAC OS X

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
1.9%
top 16.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple MAC OS XApple MAC OS X Server
Timeline
PublishedSep 26
Latest updateMay 2

Description

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDapple/mac_os_x10.5.4, 10.5.5+1
NVDapple/mac_os_x_server10.5.4, 10.5.5+1

🔴Vulnerability Details

2
GHSA
GHSA-ccq2-jrj3-pw8x: Java on Apple Mac OS X 102022-05-02
CVEList
CVE-2008-3638: Java on Apple Mac OS X 102008-09-26
CVE-2008-3638 — Code Injection in Apple MAC OS X | cvebase