This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within AWT mediaLib. The specific issue lies in the handling of width and height values. The width and height are multiplied against one value when allocating a buffer but is multiplied against another value when copying data into the buffer. An attacker can leverage this vulnerability to execute code under the context of the current process.

References

www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

openvas 41

nessus 55

suse 6

oraclelinux 4

securityvulns 4

prion 2

redhat 11

threatpost 6

amazon 2

centos 4

ubuntu 2

fedora 2

cert 1

cve 2

ubuntucve 2

veracode 2

checkpoint_advisories 3

saint 4

zdi 2

seebug 2

zdt 1

packetstorm 1

metasploit 1

exploitdb 1

ibm 13

symantec 1

qualysblog 1

gentoo 2

openvas

RedHat Update for java-1.6.0-openjdk RHSA-2013:0604-01

2013-03-08 00:00:00

RedHat Update for java-1.6.0-openjdk RHSA-2013:0604-01

2013-03-08 00:00:00

RedHat Update for java-1.7.0-openjdk RHSA-2013:0602-01

2013-03-08 00:00:00

nessus

Oracle Linux 5 : java-1.7.0-openjdk (ELSA-2013-0603)

2013-07-12 00:00:00

RHEL 5 / 6 : java-1.7.0-oracle (RHSA-2013:0600)

2013-03-07 00:00:00

CentOS 5 : java-1.7.0-openjdk (CESA-2013:0603)

2013-03-08 00:00:00

suse

Security update for Java (critical)

2013-03-12 18:04:47

java-1_6_0-openjdk: update to 1.12.4 (important)

2013-03-12 11:04:28

java-1_6_0-openjdk: update to 1.12.4 (important)

2013-03-12 21:04:28

oraclelinux

java-1.7.0-openjdk security update

2013-03-06 00:00:00

java-1.6.0-openjdk security update

2013-03-06 00:00:00

java-1.6.0-openjdk security update

2013-03-06 00:00:00

securityvulns

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14

2013-03-11 00:00:00

US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities

2013-03-11 00:00:00

[security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Informa

2014-03-03 00:00:00

prion

Design/Logic Flaw

2013-03-05 22:06:00

Memory corruption

2013-03-05 22:06:00

redhat

(RHSA-2013:0600) Critical: java-1.7.0-oracle security update

2013-03-06 00:00:00

(RHSA-2013:0604) Important: java-1.6.0-openjdk security update

2013-03-06 00:00:00

(RHSA-2013:0601) Critical: java-1.6.0-sun security update

2013-03-06 00:00:00

threatpost

Oracle Rushes Emergency Java Update to Patch McRAT Vulnerabilities

2013-03-04 22:37:58

Attackers Beat Java Default Security Settings with Social Engineering

2013-03-05 17:27:40

The Java Zero-Day Procession Continues

2013-03-01 16:34:30

amazon

Important: java-1.6.0-openjdk

2013-03-14 22:03:00

Important: java-1.7.0-openjdk

2013-03-14 22:03:00

centos

java security update

2013-03-06 21:08:42

java security update

2013-03-06 21:09:16

java security update

2013-03-06 21:15:03

ubuntu

OpenJDK 7 vulnerabilities

2013-03-07 00:00:00

OpenJDK 6 vulnerabilities

2013-03-05 00:00:00

fedora

[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc18

2013-03-14 02:56:25

[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc17

2013-03-06 22:58:17

cert

Oracle Java contains multiple vulnerabilities

2013-03-05 00:00:00

cve

CVE-2013-0809

2013-03-05 22:06:00

CVE-2013-1493

2013-03-05 22:06:00

ubuntucve

CVE-2013-0809

2013-03-04 00:00:00

CVE-2013-1493

2013-03-04 00:00:00

veracode

Remote Code Execution (RCE)

2019-01-15 08:59:18

Arbitrary Code Execution

2019-05-02 04:53:58

checkpoint_advisories

Oracle Java 2D ImagingLib Integer Overflow (CVE-2013-0809)

2013-03-24 00:00:00

Oracle Java Runtime CMM Code Execution (CVE-2013-1493)

2013-03-10 00:00:00

BlackHole Toolkit v2 JAVA Payload Stage Code Execution (CVE-2012-0507; CVE-2012-1723; CVE-2013-0422; CVE-2013-0431; CVE-2013-1493)

2013-10-27 00:00:00

saint

Java Runtime Environment Color Management memory overwrite

2013-04-04 00:00:00

Java Runtime Environment Color Management memory overwrite

2013-04-04 00:00:00

Java Runtime Environment Color Management memory overwrite

2013-04-04 00:00:00

zdi

Oracle Java Image ColorConvert Remote Code Execution Vulnerability

2013-06-27 00:00:00

Oracle Java cmmColorConvert Remote Code Execution Vulnerability

2013-06-27 00:00:00

seebug

Java CMM Remote Code Execution

2014-07-01 00:00:00

HP Service Manager多个安全漏洞

2014-02-25 00:00:00

zdt

Java CMM Remote Code Execution Vulnerability

2013-03-28 00:00:00

packetstorm

Java CMM Remote Code Execution

2013-03-28 00:00:00

metasploit

Java CMM Remote Code Execution

2013-03-26 21:30:18

exploitdb

Java CMM - Remote Code Execution (Metasploit)

2013-03-29 00:00:00

ibm

Security Bulletin: Rational Functional Tester 8.x vulnerabilities due to security vulnerabilities in IBM JRE 7 SR3 or earlier, and non-IBM Java 7 (CVE-2013-0809, CVE-2013-1493, CVE-2013-0437, CVE-2012-1541, CVE-2013-0446, CVE-2012-3342, CVE-2013-0428)

2019-05-07 13:26:07

Security Bulletin: Tivoli Storage Productivity Center affected by vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2012-2686, CVE-2013-0166)

2022-08-19 18:23:31

Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge (CVE-2012-3213, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, C

2018-06-17 04:45:23

symantec

Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability

2013-02-28 00:00:00

qualysblog

Assess Your Risk From Ransomware Attacks, Powered by Qualys Research

2021-10-05 12:50:00

gentoo

IcedTea JDK: Multiple vulnerabilities

2014-06-29 00:00:00

Oracle JRE/JDK: Multiple vulnerabilities

2014-01-27 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON

Related for ZDI-13-148