PT-2013-3173 · Oracle+3 · Java Runtime Environment+5

Published: 2013-03-08 · Updated: 2017-09-19 · CVE-2013-1491

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Java Runtime Environment (JRE) versions prior to 7 Update 18
Java Runtime Environment (JRE) versions prior to 6 Update 44
Java Runtime Environment (JRE) versions prior to 5.0 Update 42
JavaFX versions prior to 2.2.8

Description

The issue allows remote attackers to execute arbitrary code via vectors related to 2D. This was demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Recommendations

For Java Runtime Environment (JRE) versions prior to 7 Update 18, update to version 7 Update 18 or later.
For Java Runtime Environment (JRE) versions prior to 6 Update 44, update to version 6 Update 44 or later.
For Java Runtime Environment (JRE) versions prior to 5.0 Update 42, update to version 5.0 Update 42 or later.
For JavaFX versions prior to 2.2.8, update to version 2.2.8 or later.

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-1491
HPSBUX02889
HPSBUX02922
RHSA-2013:0757
RHSA-2013:0758
RHSA-2013:0822
RHSA-2013:0823
RHSA-2013:0855
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0757
RHSA-2013_0758
RHSA-2013_0822
RHSA-2013_0823
RHSA-2013_0855
SUSE-SU-2013_0934-1
ZDI-13-078

Affected Products

Hp-Ux
Java Platform
Java Runtime Environment
Javafx
Red Hat
Suse