Vulnerability Details : CVE-2010-0538
Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 do not properly handle mediaLibImage objects, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted applet, related to the com.sun.medialib.mlib package.
Vulnerability category: Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2010-0538
Probability of exploitation activity in the next 30 days: 0.76%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 %
CVSS scores for CVE-2010-0538
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
CWE ids for CVE-2010-0538
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0538
- http://securitytracker.com/id?1024011
  Java on Mac OS X Has Memory Access Error in Processing mediaLibImage Objects That Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.vupen.com/english/advisories/2010/1191
  Webmail | OVH- OVH (Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
  Apple - Lists.apple.com (Patch; Vendor Advisory)
- http://support.apple.com/kb/HT4171
  About the security content of Java for Mac OS X 10.6 Update 2 - Apple Support (Patch; Vendor Advisory)
- http://www.securityfocus.com/bid/40238
  Apple Mac OS X Java 'mediaLibImage' Object Handling Remote Code Execution Vulnerability (Patch)
- http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
  Apple - Lists.apple.com (Patch; Vendor Advisory)
- http://support.apple.com/kb/HT4170
  About the security content of Java for Mac OS X 10.5 Update 7 - Apple Support (Patch; Vendor Advisory)
Products affected by CVE-2010-0538
- cpe:2.3:a:apple:java:*:*:*:*:*:*:*:*