SAINT Corporation
SAINT:AC5E9A6AF4F1B07FD20936B034DA0A4D
Apr 24, 2013 - 12:00 a.m.

Java Runtime Environment Hotspot final field vulnerability

www.saintcorporation.com

EPSS: 0.97 (Percentile: 99.8%)

Added: 04/24/2013
CVE: CVE-2013-2423
BID: 59162
OSVDB: 92348

Background

The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.

Problem

A vulnerability in the Hotspot subcomponent of JRE allows command execution when the user runs a specially crafted Java program.

Resolution

Upgrade to JRE 5.0 Update 41, JRE 6 Update 43, or JRE 7 Update 17 or higher.

References

<http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html>

Limitations

Exploit works on Oracle JRE 7 Update 17 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn), and requires a user to open the exploit page in Internet Explorer.

Platforms

Windows