Lucene search

K
cveOracleCVE-2013-1491
HistoryMar 08, 2013 - 6:55 p.m.

CVE-2013-1491

2013-03-0818:55:01
CWE-94
oracle
web.nvd.nist.gov
136
java
runtime environment
jre
oracle
cve
security
remote code execution
java se
vulnerability

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.823

Percentile

98.4%

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Affected configurations

Nvd
Node
oraclejdkMatch1.7.0update17
OR
oraclejreMatch1.7.0update17
VendorProductVersionCPE
oraclejdk1.7.0cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
oraclejre1.7.0cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*

References

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

Low

EPSS

0.823

Percentile

98.4%