Lucene search

K
saintSAINT CorporationSAINT:12D856B846DDDEB4AC8CE7081F5E0D66
HistoryJul 11, 2013 - 12:00 a.m.

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

2013-07-1100:00:00
SAINT Corporation
download.saintcorporation.com
37

EPSS

0.969

Percentile

99.7%

Added: 07/11/2013
CVE: CVE-2013-2460
BID: 60635
OSVDB: 94346

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

A vulnerability in the Serviceability subcomponent of Java Runtime Environment could allow a remote attacker to execute arbitrary code if a user is tricked into opening a web page with a specially crafted applet. Oracle JRE 7 Update 21 and earlier are vulnerable.

Resolution

Apply patches as directed in Oracle Java SE Critical Patch Update Advisory - June 2013.

References

<http://www.oracle.com/technetwork/topics/security/javacpujun2013verbose-1899853.html&gt;

Limitations

This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit using Internet Explorer on Windows.

Platforms

Windows