Java Runtime Environment (JRE) allows end users to run Java applications.
A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit (AWT) library (
**awt.dll**) allows command execution when a user loads a specially crafted web page.
Apply patches as described in the June 2013 Oracle Critical Patch Update.
This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The user must open the exploit with Internet Explorer on the target.