CVE-2009-1719 — Code Injection in JRE

CWE-94 — Code Injection CWE-822 — Untrusted Pointer Dereference4 documents4 sources

Severity

7.5HIGHNVD

EPSS

3.9%

top 11.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN JRE

Timeline

PublishedJun 16

Latest updateMay 2

Description

The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDsun/jre1.5.0, 1.5.0_11-b03+1

Patches

Patch: lists.apple.com ↗Patch: support.apple.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-88x6-wvf3-98hv: The Aqua Look and Feel for Java implementation in Java 1↗2022-05-02

▶

CVEList

CVE-2009-1719: The Aqua Look and Feel for Java implementation in Java 1↗2009-06-16

▶

📐Framework References

CWE

Untrusted Pointer Dereference↗

▶