CVE-2009-1719

The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0
sunjre
1.5.0_11-b03:_11
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html
http://support.apple.com/kb/HT3632
http://www.securityfocus.com/archive/1/504364/100/0/threaded
http://www.securityfocus.com/bid/35381
http://www.securityfocus.com/bid/35401
http://www.zerodayinitiative.com/advisories/ZDI-09-043
https://exchange.xforce.ibmcloud.com/vulnerabilities/51185
http://lists.apple.com/archives/security-announce/2009/Jun/msg00003.html
http://support.apple.com/kb/HT3632
http://www.securityfocus.com/archive/1/504364/100/0/threaded
http://www.securityfocus.com/bid/35381
http://www.securityfocus.com/bid/35401
http://www.zerodayinitiative.com/advisories/ZDI-09-043
https://exchange.xforce.ibmcloud.com/vulnerabilities/51185