Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:3F6DAA85E81CAABE9BFE61C0A5CCED47
HistoryAug 30, 2013 - 12:00 a.m.

Oracle Java Runtime Environment AWT storeImageArray Vulnerability

2013-08-3000:00:00
SAINT Corporation
download.saintcorporation.com
32

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.828 High

EPSS

Percentile

98.1%

JSON

Added: 08/30/2013
CVE: CVE-2013-2465
BID: 60657
OSVDB: 94339

Background

Java Runtime Environment (JRE) allows end users to run Java applications.

Problem

A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit (AWT) library (**awt.dll**) allows command execution when a user loads a specially crafted web page.

Resolution

Apply patches as described in the June 2013 Oracle Critical Patch Update.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-153/&gt;

Limitations

This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit with Internet Explorer on the target.

Platforms

Windows

Related

packetstorm 1
thn 3
threatpost 4
cve 2
seebug 1
veracode 11
attackerkb 2
symantec 1
saint 3
metasploit 1
cisa_kev 1
prion 2
ubuntucve 2
zdi 1
checkpoint_advisories 3
zdt 1
exploitdb 1
ibm 15
nessus 50
suse 13
openvas 45
amazon 2
redhat 10
oraclelinux 3
centos 3
debian 2
mageia 2
ubuntu 3
securityvulns 1
photon 1
gentoo 2
packetstorm
packetstorm
Java storeImageArray() Invalid Array Indexing
2013-08-16 00:00:00
thn
thn
Java-Bot, a Cross-platform malware launching DDoS attacks from infected computers
2014-01-29 00:58:00
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 04:15:00
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 15:15:00
threatpost
threatpost
Energy Watering Hole Attack Used LightsOut Exploit Kit
2014-03-13 13:56:15
Malicious Java App is Cross-Platform Botnet
2014-01-28 14:19:32
AskMen Purportedly Compromised by Nuclear Pack Kit
2014-06-24 09:10:34
cve
cve
CVE-2013-2465
2013-06-18 22:55:00
CVE-2013-2464
2013-06-18 22:55:00
seebug
seebug
Java storeImageArray() Invalid Array Indexing Vulnerability
2014-07-01 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:33
Privilege Escalation
2019-05-02 04:46:31
Arbitrary Code Execution
2019-05-02 04:46:33
attackerkb
attackerkb
CVE-2013-2465
2013-06-18 00:00:00
CVE-2013-2464
2013-06-18 00:00:00
symantec
symantec
Oracle Java SE CVE-2013-2465 Memory Corruption Vulnerability
2013-06-18 00:00:00
saint
saint
Oracle Java Runtime Environment AWT storeImageArray Vulnerability
2013-08-30 00:00:00
Oracle Java Runtime Environment AWT storeImageArray Vulnerability
2013-08-30 00:00:00
Oracle Java Runtime Environment AWT storeImageArray Vulnerability
2013-08-30 00:00:00
metasploit
metasploit
Java storeImageArray() Invalid Array Indexing Vulnerability
2013-08-15 23:34:51
cisa_kev
cisa_kev
Oracle Java SE Unspecified Vulnerability
2022-03-28 00:00:00
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
ubuntucve
ubuntucve
CVE-2013-2465
2013-06-18 00:00:00
CVE-2013-2464
2013-06-18 00:00:00
zdi
zdi
Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability
2013-06-27 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java Runtime Environment storeImageArray Buffer Overflow (CVE-2013-2465)
2013-09-01 00:00:00
LightsOut/Hello Exploit Kit (CVE-2013-2465)
2014-07-03 00:00:00
Infinity Exploit Kit Landing Page (CVE-2013-1347; CVE-2013-2423; CVE-2013-2465; CVE-2014-0322; CVE-2014-0502; CVE-2014-1776)
2014-06-10 00:00:00
zdt
zdt
Java storeImageArray() Invalid Array Indexing Vulnerability
2013-08-17 00:00:00
exploitdb
exploitdb
Java - &#039;storeImageArray()&#039; Invalid Array Indexing (Metasploit)
2013-08-19 00:00:00
ibm
ibm
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2022-09-25 22:39:39
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-25 21:06:56
Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities
2022-05-16 16:03:13
nessus
nessus
SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)
2013-07-28 00:00:00
SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)
2013-07-28 00:00:00
RHEL 5 / 6 : java-1.6.0-openjdk (RHSA-2013:1014)
2013-07-05 00:00:00
suse
suse
Security update for IBM Java 1.4.2 (important)
2013-08-05 20:04:12
Security update for java-1_4_2-ibm (important)
2013-07-27 17:04:24
Security update for java-1_6_0-openjdk (important)
2013-07-23 22:04:14
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1264-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1293-2)
2021-06-09 00:00:00
Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)
2013-06-24 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
redhat
redhat
(RHSA-2013:1014) Important: java-1.6.0-openjdk security update
2013-07-03 00:00:00
(RHSA-2013:1081) Important: java-1.5.0-ibm security update
2013-07-16 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
centos
centos
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:43:01
java security update
2013-06-20 06:46:44
debian
debian
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:12:25
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:53:07
mageia
mageia
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
IcedTea Web update
2013-07-16 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0413
2023-06-19 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.828 High

EPSS

Percentile

98.1%

JSON
Related for SAINT:3F6DAA85E81CAABE9BFE61C0A5CCED47
packetstorm1thn3threatpost4cve2seebug1veracode11attackerkb2symantec1saint3metasploit1cisa_kev1prion2ubuntucve2zdi1checkpoint_advisories3zdt1exploitdb1ibm15nessus50suse13openvas45amazon2redhat10oraclelinux3centos3debian2mageia2ubuntu3securityvulns1photon1gentoo2