SAINT:AA4E39EFE54178E26BAAF5E61DAEBD26
Jul 11, 2013 - 12:00 a.m.

Oracle Java Serviceability Subcomponent ProviderSkeleton Class Vulnerability

SAINT Corporation
download.saintcorporation.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.968 High
Percentile: 99.7%

Added: 07/11/2013
CVE: CVE-2013-2460
BID: 60635
OSVDB: 94346

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

A vulnerability in the Serviceability subcomponent of the Java Runtime Environment could allow a remote attacker to execute arbitrary code if a user is tricked into opening a web page with a specially crafted applet. Oracle JRE 7 Update 21 and earlier are vulnerable.

Resolution

Apply patches as directed in Oracle Java SE Critical Patch Update Advisory - June 2013.

References

<http://www.oracle.com/technetwork/topics/security/javacpujun2013verbose-1899853.html>

Limitations

This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit using Internet Explorer on Windows.

Platforms

Windows
