PT-2005-1480 · Oracle+1 · J2Se+2

Published

2005-03-24

Updated

2008-09-05

CVE-2005-0418

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Java Web Start for J2SE versions 1.4.2 up to 1.4.2 06

Description The issue allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file, specifically on Mac OS X.

Recommendations For Java Web Start for J2SE versions 1.4.2 up to 1.4.2 06, consider restricting the use of JNLP files until a patch is available. As a temporary workaround, avoid using the value parameter of a property tag in JNLP files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0418

Affected Products

J2Se

Java Web Start

Macos X

PT-2005-1480 · Oracle+1 · J2Se+2

CVE-2005-0418

Related Identifiers

Affected Products

References · 2