SAINT Corporation
SAINT:F3FBFF09559614D57646E8D5F19B3C09
Oct 24, 2013 - 12:00 a.m.

Oracle Java java.awt.image.ByteComponentRaster Overflow

2013-10-24 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.945 High
Percentile: 99.2%

Added: 10/24/2013
CVE: CVE-2013-2473
BID: 60623
OSVDB: 94336

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.

Problem

A vulnerability in the java.awt.image.ByteComponentRaster class of the Java Runtime Environment could allow a remote attacker to execute arbitrary code if a user is tricked into opening a specially crafted web page.

Resolution

Apply patches as described in the Oracle Java SE Critical Patch Update Advisory - June 2013.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-154/>

Limitations

The exploit works on Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The target user must open the exploit file in Internet Explorer on Windows.

Platforms

Windows
