Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-1491
HistoryMar 08, 2013 - 12:00 a.m.

CVE-2013-1491

2013-03-0800:00:00
ubuntu.com
ubuntu.com
11

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.823

Percentile

98.4%

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17
and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX
2.2.7 and earlier allows remote attackers to execute arbitrary code via
vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own
competition at CanSecWest 2013.

Notes

Author Note
jdstrand appears to be Oracle 7 only (ie, not OpenJDK)

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.823

Percentile

98.4%