PT-2013-3171

Adam Gowdiak · Published 2013-01-31 · Updated 2017-09-19 · CVE-2013-1489

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Java SE 7 Update 10 and Update 11

Description

The issue allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user. This occurs when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome.

Recommendations

For Java SE 7 Update 10 and Update 11, consider disabling the execution of unsigned Java code until a patch is available. Restrict access to the Java Control Panel to minimize the risk of exploitation. Avoid using the "Very High" security level until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2013-1489
HPSBUX02857
RHSA-2013:0237
RHSA-2013_0237

Affected Products

Firefox
Google Chrome
HP-UX
Internet Explorer
Java Platform
Java SE
Opera
Red Hat