PT-2013-3797 · Oracle+4 · Java Runtime Environment+6

Published

2013-06-18

·

Updated

2024-06-15

·

CVE-2013-2463

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Java Runtime Environment (JRE) versions 7 Update 21 and earlier Java Runtime Environment (JRE) versions 6 Update 45 and earlier Java Runtime Environment (JRE) versions 5.0 Update 45 and earlier OpenJDK 7
Description The issue affects confidentiality, integrity, and availability via unknown vectors related to 2D. It is also claimed to allow remote attackers to bypass the Java sandbox via vectors related to "Incorrect image attribute verification" in 2D, although Oracle has not commented on this claim.
Recommendations For Java Runtime Environment (JRE) versions 7 Update 21 and earlier, update to a version later than Update 21. For Java Runtime Environment (JRE) versions 6 Update 45 and earlier, update to a version later than Update 45. For Java Runtime Environment (JRE) versions 5.0 Update 45 and earlier, update to a version later than Update 45. For OpenJDK 7, consider disabling the 2D component as a temporary workaround until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

CESA-2013_0957
CESA-2013_1014
CVE-2013-2463
DSA-2722-1
DSA-2727-1
HPSBUX02907
HPSBUX02908
HPSBUX02922
MGASA-2013-0185
MGASA-2013-0208
OPENSUSE-SU-2024:10534-1
RHSA-2013:0957
RHSA-2013:0958
RHSA-2013:0963
RHSA-2013:1014
RHSA-2013:1059
RHSA-2013:1060
RHSA-2013:1081
RHSA-2013:1455
RHSA-2013:1456
RHSA-2013_0957
RHSA-2013_0958
RHSA-2013_0963
RHSA-2013_1014
RHSA-2013_1059
RHSA-2013_1060
RHSA-2013_1081
RHSA-2014:0414
RHSA-2014_0414
ZDI-13-156

Affected Products

Centos
Hp-Ux
Java Platform
Java Runtime Environment
Openjdk
Red Hat
Suse