Added: 10/24/2013
CVE: CVE-2013-2473
BID: 60623
OSVDB: 94336
Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets.
A vulnerability in the java.awt.image.ByteComponentRaster class of the Java Runtime Environment could allow a remote attacker to execute arbitrary code if a user is tricked into opening a specially crafted web page.
Apply patches as described in the Oracle Java SE Critical Patch Update Advisory - June 2013.
<http://www.zerodayinitiative.com/advisories/ZDI-13-154/>
The exploit works on Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
The target user must open the exploit file in Internet Explorer on Windows.
Windows