CVE-2008-3638

Published: Sep 26, 2008Modified: Apr 23, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.

Affected (4)

Products: Apple: Mac Os X, Mac Os X Server

Apple

2 products

Mac Os X

Mac Os X Server

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Mac Os X	Version 10.5.4
Apple Mac Os X	Version 10.5.5
Apple Mac Os X Server	Version 10.5.4
Apple Mac Os X Server	Version 10.5.5

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html

Source: cve@mitre.org

http://secunia.com/advisories/32018

Source: cve@mitre.org

Vendor Advisory

http://support.apple.com/kb/HT3179

Source: cve@mitre.org

http://www.securityfocus.com/bid/31380

Source: cve@mitre.org

http://www.securitytracker.com/id?1020944

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/45397

Source: cve@mitre.org

http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html