PT-2013-3173 · Oracle+3 · Java Runtime Environment+5

Publicado

2013-03-08

Atualizado

2017-09-19

CVE-2013-1491

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions prior to 7 Update 18 Java Runtime Environment (JRE) versions prior to 6 Update 44 Java Runtime Environment (JRE) versions prior to 5.0 Update 42 JavaFX versions prior to 2.2.8

Description The issue allows remote attackers to execute arbitrary code via vectors related to 2D. This was demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Recommendations For Java Runtime Environment (JRE) versions prior to 7 Update 18, update to version 7 Update 18 or later. For Java Runtime Environment (JRE) versions prior to 6 Update 44, update to version 6 Update 44 or later. For Java Runtime Environment (JRE) versions prior to 5.0 Update 42, update to version 5.0 Update 42 or later. For JavaFX versions prior to 2.2.8, update to version 2.2.8 or later.

Exploit

Correção

RCE

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2013-1491

HPSBUX02889

HPSBUX02922

RHSA-2013:0757

RHSA-2013:0758

RHSA-2013:0822

RHSA-2013:0823

RHSA-2013:0855

RHSA-2013:1455

RHSA-2013:1456

RHSA-2013_0757

RHSA-2013_0758

RHSA-2013_0822

RHSA-2013_0823

RHSA-2013_0855

SUSE-SU-2013_0934-1

ZDI-13-078

Produtos afetados

Hp-Ux

Java Platform

Java Runtime Environment

Javafx

Red Hat

Suse

PT-2013-3173 · Oracle+3 · Java Runtime Environment+5

CVE-2013-1491

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 27