CVE-2010-0539 — Apple Java 1.5 vulnerability

CWE-1893 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

2.8%

top 13.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Java 1.5 Apple Java 1.6

Timeline

PublishedMay 21

Latest updateMay 2

Description

Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDapple/java_1.50

▶NVDapple/java_1.60

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗Patch: support.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-4g9j-m5r7-mvh4: Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10↗2022-05-02

▶

CVEList

CVE-2010-0539: Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10↗2010-05-21

▶