CVE-2005-0418

Description

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.

Affected products

• sun / j2se1.4.2 – 1.4.2
• sun / j2se1.4.2_01 – 1.4.2_01
• sun / j2se1.4.2_02 – 1.4.2_02
• sun / j2se1.4.2_03 – 1.4.2_03
• sun / j2se1.4.2_04 – 1.4.2_04
• sun / j2se1.4.2_05 – 1.4.2_05
• sun / j2se1.4.2_06 – 1.4.2_06

References

• MAILING_LISThttp://lists.apple.com/archives/security-announce/2005/Mar/msg00001.html