Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

2013-09-04T00:00:00
ID SAINT:ED911F24CEFF9E30C7F2090B8B1D7319
Type saint
Reporter SAINT Corporation
Modified 2013-09-04T00:00:00

Description

Added: 09/04/2013
CVE: CVE-2013-2471
BID: 60659
OSVDB: 94357

Background

The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.

Problem

A buffer overflow vulnerability in the java.awt.image.IntegerComponentRaster class could allow a Java applet to execute arbitrary commands when a user loads a malicious web page.

Resolution

Upgrade to JRE 7 Update 22 or higher.

References

<http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html>
<http://www.zerodayinitiative.com/advisories/ZDI-13-152/>

Limitations

Exploit works on Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). The exploit page must be opened in Internet Explorer.

Platforms

Windows