CVE-2010-0539
First published: Fri May 21 2010(Updated: )
Integer signedness error in the window drawing implementation in Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X 10.6 before Update 2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted applet.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Java | =0-23 | |
| Apple iOS and macOS | =10.5 | |
| Apple iOS and macOS | =10.5.0 | |
| Apple iOS and macOS | =10.5.1 | |
| Apple iOS and macOS | =10.5.2 | |
| Apple iOS and macOS | =10.5.3 | |
| Apple iOS and macOS | =10.5.4 | |
| Apple iOS and macOS | =10.5.5 | |
| Apple iOS and macOS | =10.5.6 | |
| Apple Java | =0-17 | |
| Apple iOS and macOS | =10.6 | |
| Apple iOS and macOS | =10.6.0 | |
| Apple iOS and macOS | =10.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vupen.com/english/advisories/2010/1191
- http://support.apple.com/kb/HT4170
- http://secunia.com/advisories/39819
- http://lists.apple.com/archives/security-announce/2010//May/msg00002.html
- http://support.apple.com/kb/HT4171
- http://lists.apple.com/archives/security-announce/2010//May/msg00001.html
- http://www.securityfocus.com/bid/40240
- http://securitytracker.com/id?1024012
Frequently Asked Questions
What is the severity of CVE-2010-0539?
CVE-2010-0539 is rated as a critical vulnerability due to its potential to allow remote code execution.
How do I fix CVE-2010-0539?
To fix CVE-2010-0539, users should update to Mac OS X 10.5 Update 7 or Java for Mac OS X 10.6 Update 2 or later.
What types of attacks can exploit CVE-2010-0539?
CVE-2010-0539 can be exploited via crafted applets that trigger the integer signedness error in the Java implementation.
Which versions are affected by CVE-2010-0539?
CVE-2010-0539 affects Apple Java versions 1.5 and 1.6 running on Mac OS X 10.5 and 10.6 prior to their respective updates.
What are the potential consequences of CVE-2010-0539?
Exploiting CVE-2010-0539 may lead to arbitrary code execution or denial of service through application crashes.
- collector/nvd-historical
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/apple java
- version/apple java/0-23
- canonical/apple ios and macos
- version/apple ios and macos/10.5
- version/apple ios and macos/10.5.0
- version/apple ios and macos/10.5.1
- version/apple ios and macos/10.5.2
- version/apple ios and macos/10.5.3
- version/apple ios and macos/10.5.4
- version/apple ios and macos/10.5.5
- version/apple ios and macos/10.5.6
- version/apple java/0-17
- version/apple ios and macos/10.6
- version/apple ios and macos/10.6.0
- version/apple ios and macos/10.6.1