Source: SAINT Corporation
ID: SAINT:98A769B89338B21BF41BB73B1BE8CFAC
Published: Oct 24, 2013 - 12:00 a.m.

Oracle Java java.awt.image.ByteComponentRaster Overflow

2013-10-24 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 10
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score: 8.2
Confidence: High
EPSS: 0.949
Percentile: 99.3%

Added: 10/24/2013
CVE: CVE-2013-2473
BID: 60623
OSVDB: 94336

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

A vulnerability in the Java Runtime Environment's java.awt.image.ByteComponentRaster class could allow a remote attacker to execute arbitrary code if a user is tricked into opening a specially crafted web page.

Resolution

Apply patches as described in the Oracle Java SE Critical Patch Update Advisory - June 2013.

References

http://www.zerodayinitiative.com/advisories/ZDI-13-154/

Limitations

The exploit works on Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The target user must open the exploit file in Internet Explorer on Windows.

Platforms

Windows
