Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 10.0
CVE Id CVE-2013-1491
Last Modified 05 Dec 2013 12:24:45
Published 08 Mar 2013 01:55:01
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-1491

Summary

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Vulnerable Systems

Application

  • Oracle JDK 1.7.0

  • Oracle JRE 1.7.0


References

MISC - https://twitter.com/thezdi/status/309438311112507392

MISC - http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/

MISC - http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

CONFIRM - http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

REDHAT - RHSA-2013:0758

REDHAT - RHSA-2013:0757

SUSE - SUSE-SU-2013:0934

SUSE - SUSE-SU-2013:0871

SUSE - SUSE-SU-2013:0835

HP - HPSBUX02889

HP - SSRT101252

HP - HPSBUX02922

HP - SSRT101305

CERT - TA13-107A

REDHAT - RHSA-2013:1456

REDHAT - RHSA-2013:1455

APPLE - APPLE-SA-2013-04-16-2

Related Patches

Apple 2013-04-16 Java for Mac OS X 10.6 Update 15

Apple 2013-04-16 Java for OS X 2013-003

Oracle Java JRE 1.6.0_45 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_21 for Windows (Update) (All Languages) (See Notes)

Oracle Java JRE 1.7.0_21 for Mac OS X (Update)

Oracle Java JRE 1.6.0_45 for Windows (Update) (64Bit) (All Languages) (See Notes) (Rev 2)

Oracle Java JRE 1.7.0_21 for Windows (Update) (64Bit) (All Languages) (See Notes)


Last Updated: 27 May 2016 11:03:18