PT-2013-3475 · Oracle+3 · Icedtea-Web+3
Published
2013-04-17
·
Updated
2018-10-30
·
CVE-2013-1927
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IcedTea-Web plugin versions prior to 1.2.3
IcedTea-Web plugin versions 1.3.x prior to 1.3.2
Description
The issue allows remote attackers to execute arbitrary code via a crafted file that validates as both a GIF and a Java JAR file, also known as "GIFAR."
Recommendations
For versions prior to 1.2.3, update to version 1.2.3 or later.
For versions 1.3.x prior to 1.3.2, update to version 1.3.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Centos
Icedtea-Web
Red Hat
Suse