Vulnerability Description
Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Mac OS X | 10.5 |
| Apple | Mac OS X Server | 10.5 |
| Apple | Java 1.4 | <= 2 |
| Apple | Java 1.5 | <= 0 |
| Apple | Java 1.6 | <= 0 |
Related Weaknesses (CWE)
References
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html (Patch, Vendor Advisory)
- http://securitytracker.com/id?1022820 (Patch)
- http://www.vupen.com/english/advisories/2009/2543
FAQ
What is CVE-2009-2205?
CVE-2009-2205 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in the Java Web Start command launcher in Java for Mac OS X 10.5 before Update 5 allows attackers to execute arbitrary code or cause a denial of service (application crash)...
How severe is CVE-2009-2205?
CVE-2009-2205 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2205?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Mac OS X, Apple Mac OS X Server, Apple Java 1.4, Apple Java 1.5, Apple Java 1.6.