SAINT Corporation
SAINT:D5BB5F482A2457E3A68B487877468626
Apr 04, 2013 - 12:00 a.m.

Java Runtime Environment Color Management memory overwrite

2013-04-04 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.967 High
Percentile: 99.6%

Added: 04/04/2013
CVE: CVE-2013-1493
BID: 58238
OSVDB: 90737

Background

The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.

Problem

A memory overwrite vulnerability in the Color Management code in the JVM process allows command execution when a specially crafted JAR file is opened.

Resolution

Upgrade to a version higher than JRE 7 Update 15, JRE 6 Update 41, or JRE 5.0 Update 40.

References

<http://www.kb.cert.org/vuls/id/688246>

Limitations

Exploit works on JRE 7 Update 15 and requires a user to open the exploit page in a browser.

Platforms

Windows
