Description
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2005/Mar/msg00001.html
Scores
EPSS
0.0049
EPSS Percentile
65.8%
Details
Status
published
Products (7)
sun/j2se
1.4.2
sun/j2se
1.4.2_01
sun/j2se
1.4.2_02
sun/j2se
1.4.2_03
sun/j2se
1.4.2_04
sun/j2se
1.4.2_05
sun/j2se
1.4.2_06
Published
May 02, 2005
Tracked Since
Feb 18, 2026