Lucene search

K

PRIOn knowledge basePRION:CVE-2013-1493

HistoryMar 05, 2013 - 10:06 p.m.

Memory corruption

2013-03-0522:06:00

PRIOn knowledge base

www.prio-n.com

6

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

CPENameOperatorVersion
jdkeq1.6.0 update33
jdkeq1.6.0 update25
jdkeq1.6.0 update29
jdkeq1.6.0 update31
jdkeq1.6.0 update27
jdkeq1.6.0 update24
jdkeq1.6.0 update23
jdkeq1.6.0 update22
jdkeq1.6.0 update32
jdkeq1.6.0 update26

Rows per page:

1-10 of 1741

References

blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04117626-1

lists.opensuse.org/opensuse-security-announce/2013-03/msg00009.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00011.html

lists.opensuse.org/opensuse-security-announce/2013-03/msg00012.html

lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html

mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-March/022145.html

rhn.redhat.com/errata/RHSA-2013-0601.html

rhn.redhat.com/errata/RHSA-2013-0603.html

rhn.redhat.com/errata/RHSA-2013-0604.html

rhn.redhat.com/errata/RHSA-2013-1455.html

rhn.redhat.com/errata/RHSA-2013-1456.html

security.gentoo.org/glsa/glsa-201406-32.xml

www.kb.cert.org/vuls/id/688246

www.mandriva.com/security/advisories?name=MDVSA-2013:095

www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml

www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

www.securityfocus.com/bid/58238

www.securitytracker.com/id/1029803

www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

www.ubuntu.com/usn/USN-1755-2

www.us-cert.gov/ncas/alerts/TA13-064A

bugzilla.redhat.com/show_bug.cgi?id=917553

krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

marc.info/?l=bugtraq&m=136439120408139&w=2

marc.info/?l=bugtraq&m=136570436423916&w=2

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477

twitter.com/jduck1337/status/307629902574800897

wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088

www.exploit-db.com/exploits/24904

7.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.967 High

EPSS

Percentile

99.6%