CVE-2008-3637 Information

Description

The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11 10.5.4 and 10.5.5 uses an uninitialized variable which allows remote attackers to execute arbitrary code via a crafted applet related to an \error checking issue.\

Reference

http://lists.apple.com/archives/security-announce//2008/Sep/msg00007.html http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html http://secunia.com/advisories/32018 http://support.apple.com/kb/HT3178 http://support.apple.com/kb/HT3179 http://www.securityfocus.com/bid/31379 http://www.securitytracker.com/id?1020943 https://exchange.xforce.ibmcloud.com/vulnerabilities/45396