Mac OS X Java JRE Plug-in Capability Arbitrary Package Access (Security Update 2005-002)

medium Nessus Plugin ID 17195

Synopsis

The remote host is missing a Mac OS X update that fixes a security issue.

Description

The remote host is missing Security Update 2005-002. This security update contains a security bugfix for Java 1.4.2.

A vulnerability in the Java Plug-in may allow an untrusted applet to escalate privileges, through JavaScript calling into Java code, including reading and writing files with the privileges of the user running the applet. Releases prior to Java 1.4.2 on Mac OS X are not affected by this vulnerability.

Solution

Install Security Update 2005-002.

See Also

http://support.apple.com/kb/TA22931

Plugin Details

Severity: Medium

ID: 17195

File Name: macosx_SecUpd2005-002.nasl

Version: 1.17

Type: local

Agent: macosx

Published: 2/22/2005

Updated: 5/28/2024

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:apple:mac_os_x:10.2, cpe:/o:apple:mac_os_x:10.3

Required KB Items: Host/MacOSX/packages

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/22/2004

Vulnerability Publication Date: 11/22/2004

Reference Information

CVE: CVE-2004-1029

BID: 11726

CWE: 264