PT-2013-3170 · Oracle+3 · Oracle Java Se+5

James Forshaw

Published

2013-03-08

Updated

2025-09-29

CVE-2013-1488

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 7 Update 17 and earlier OpenJDK versions 6 and 7

Description The issue allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, and the JDBC driver manager. This was demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Recommendations For Oracle Java SE versions 7 Update 17 and earlier, update to a version later than 7 Update 17 to resolve the issue. For OpenJDK versions 6 and 7, consider disabling the JDBC driver manager as a temporary workaround until a patch is available.

Exploit

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

ALSA-2025_16880

CESA-2013_0751

CESA-2013_0770

CVE-2013-1488

ELSA-2013-0751

ELSA-2013-0770

OPENSUSE-SU-2024:10534-1

RHSA-2013:0751

RHSA-2013:0752

RHSA-2013:0757

RHSA-2013:0770

RHSA-2013:0822

RHSA-2013_0751

RHSA-2013_0752

RHSA-2013_0757

RHSA-2013_0770

RHSA-2013_0822

ZDI-13-076

Affected Products

Centos

Java Platform

Openjdk

Oracle Java Se

Red Hat

Suse

PT-2013-3170 · Oracle+3 · Oracle Java Se+5

CVE-2013-1488

Weakness Enumeration

Related Identifiers

Affected Products

References · 336