Oracle Java Runtime Environment AWT storeImageArray Vulnerability

2013-08-30T00:00:00
ID SAINT:E93E23C25C274C1821643AB92C21FABA
Type saint
Reporter SAINT Corporation
Modified 2013-08-30T00:00:00

Description

Added: 08/30/2013
CVE: CVE-2013-2465
BID: 60657
OSVDB: 94339

Background

Java Runtime Environment (JRE) allows end users to run Java applications.

Problem

A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit (AWT) library (**awt.dll**) allows command execution when a user loads a specially crafted web page.

Resolution

Apply patches as described in the June 2013 Oracle Critical Patch Update.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-153/>

Limitations

This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit with Internet Explorer on the target.

Platforms

Windows