|Apple Mac OS X Java Applet HMAC供给器处理远程代码执行漏洞

Apple Mac OS X Java Applet HMAC供给器处理远程代码执行漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

BUGTRAQ ID: 31379 CVE ID：CVE-2008-3637 CNCVE ID：CNCVE-20083637 Apple Mac OS X是一款商业性质的操作系统。 Apple Mac OS X Java Applet HMAC供给器使用未初始化变量，远程攻击者可以利用漏洞以应用程序上下文执行任意代码。基于HASH的消息验证代码(HMAC)供给器用于生成MD5和SHA-A HASH，其中存在一个错误检查可导致使用未初始化变量。构建恶意的Java applet，诱使用户访问，可导致任意代码执行。 Apple Mac OS X Server 10.5.5 Apple Mac OS X Server 10.5.4 Apple Mac OS X Server 10.5.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.5 Apple Mac OS X 10.5.4 Apple Mac OS X 10.5.3 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.5 可参考如下补丁程序： Apple Mac OS X Server 10.4.11 Apple JavaForMacOSX10.4Release7.dmg Java for Mac OS X 10.4, Release 7 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.4Release7.dmg Apple Mac OS X 10.4.11 Apple JavaForMacOSX10.4Release7.dmg Java for Mac OS X 10.4, Release 7 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21278&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.4Release7.dmg Apple Mac OS X 10.5.4 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg Apple Mac OS X Server 10.5.4 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg Apple Mac OS X Server 10.5.5 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg Apple Mac OS X 10.5.5 Apple JavaForMacOSX10.5Update2.dmg Java for Mac OS X 10.5 Update 2 <a href=http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat= target=_blank>http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=21277&cat=</a> 59&platform=osx&method=sa/JavaForMacOSX10.5Update2.dmg

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™