Added: 08/30/2013
CVE: CVE-2013-2465
BID: 60657
OSVDB: 94339
Java Runtime Environment (JRE) allows end users to run Java applications.
A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit (AWT) library (**awt.dll**
) allows command execution when a user loads a specially crafted web page.
Apply patches as described in the June 2013 Oracle Critical Patch Update.
<http://www.zerodayinitiative.com/advisories/ZDI-13-153/>
This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The user must open the exploit with Internet Explorer on the target.
Windows