CVE-2005-0418

Summary

CVE	CVE-2005-0418
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-05-02 04:00:00 UTC
Updated	2008-09-05 20:46:00 UTC
Description	Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sun	J2se	1.4.2	All	sdk	All
Application	Sun	J2se	1.4.2_01	All	sdk	All
Application	Sun	J2se	1.4.2_02	All	sdk	All
Application	Sun	J2se	1.4.2_03	All	sdk	All
Application	Sun	J2se	1.4.2_04	All	sdk	All
Application	Sun	J2se	1.4.2_05	All	sdk	All
Application	Sun	J2se	1.4.2_06	All	sdk	All
Application	Sun	J2se	1.4.2	All	sdk	All
Application	Sun	J2se	1.4.2_01	All	sdk	All
Application	Sun	J2se	1.4.2_02	All	sdk	All
Application	Sun	J2se	1.4.2_03	All	sdk	All
Application	Sun	J2se	1.4.2_04	All	sdk	All
Application	Sun	J2se	1.4.2_05	All	sdk	All
Application	Sun	J2se	1.4.2_06	All	sdk	All

References

Reference	Source	Link	Tags
APPLE-SA-2005-03-24 Java Web Start	APPLE	lists.apple.com	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.