This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the sun.java2d.cmm.kcms.CMM.cmmColorConvert’s native function. The issue lies in the handling of the destCMMImageLayout argument, which is not properly validated before being used. By manipulating the functions arguments an attacker can force an integer overflow to occur before indexing into an array. An attacker can leverage this vulnerability to execute code under the context of the current process.

References

www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

checkpoint_advisories 2

threatpost 6

saint 4

prion 2

zdi 2

zdt 1

seebug 2

cve 2

veracode 1

packetstorm 1

ubuntucve 2

metasploit 1

exploitdb 1

openvas 41

nessus 55

oraclelinux 4

redhat 11

securityvulns 4

centos 4

ubuntu 2

amazon 2

suse 6

symantec 1

fedora 2

cert 1

ibm 12

qualysblog 1

gentoo 2

checkpoint_advisories

Oracle Java Runtime CMM Code Execution (CVE-2013-1493)

2013-03-10 00:00:00

BlackHole Toolkit v2 JAVA Payload Stage Code Execution (CVE-2012-0507; CVE-2012-1723; CVE-2013-0422; CVE-2013-0431; CVE-2013-1493)

2013-10-27 00:00:00

threatpost

The Java Zero-Day Procession Continues

2013-03-01 16:34:30

Oracle Rushes Emergency Java Update to Patch McRAT Vulnerabilities

2013-03-04 22:37:58

65 Sites Compromised in ZeroAccess Trojan Attacks

2013-06-19 16:05:05

saint

Java Runtime Environment Color Management memory overwrite

2013-04-04 00:00:00

Java Runtime Environment Color Management memory overwrite

2013-04-04 00:00:00

Java Runtime Environment Color Management memory overwrite

2013-04-04 00:00:00

prion

Memory corruption

2013-03-05 22:06:00

Design/Logic Flaw

2013-03-05 22:06:00

zdi

Oracle Java Image ColorConvert Remote Code Execution Vulnerability

2013-06-27 00:00:00

Oracle Java Runtime Environment AWT mediaLib Remote Code Execution Vulnerability

2013-06-27 00:00:00

zdt

Java CMM Remote Code Execution Vulnerability

2013-03-28 00:00:00

seebug

Java CMM Remote Code Execution

2014-07-01 00:00:00

HP Service Manager多个安全漏洞

2014-02-25 00:00:00

cve

CVE-2013-1493

2013-03-05 22:06:00

CVE-2013-0809

2013-03-05 22:06:00

veracode

Arbitrary Code Execution

2019-05-02 04:53:58

packetstorm

Java CMM Remote Code Execution

2013-03-28 00:00:00

ubuntucve

CVE-2013-1493

2013-03-04 00:00:00

CVE-2013-0809

2013-03-04 00:00:00

metasploit

Java CMM Remote Code Execution

2013-03-26 21:30:18

exploitdb

Java CMM - Remote Code Execution (Metasploit)

2013-03-29 00:00:00

openvas

SuSE Update for java-1_6_0-openjdk openSUSE-SU-2013:0430-1 (java-1_6_0-openjdk)

2013-11-19 00:00:00

CentOS Update for java CESA-2013:0605 centos6

2013-03-12 00:00:00

Oracle: Security Advisory (ELSA-2013-0604)

2015-10-06 00:00:00

nessus

SuSE 11.2 Security Update : Java (SAT Patch Number 7457)

2013-03-13 00:00:00

CentOS 5 : java-1.6.0-openjdk (CESA-2013:0604)

2013-03-07 00:00:00

Oracle Linux 5 : java-1.6.0-openjdk (ELSA-2013-0604)

2013-07-12 00:00:00

oraclelinux

java-1.6.0-openjdk security update

2013-03-06 00:00:00

java-1.7.0-openjdk security update

2013-03-06 00:00:00

java-1.6.0-openjdk security update

2013-03-06 00:00:00

redhat

(RHSA-2013:0600) Critical: java-1.7.0-oracle security update

2013-03-06 00:00:00

(RHSA-2013:0601) Critical: java-1.6.0-sun security update

2013-03-06 00:00:00

(RHSA-2013:0604) Important: java-1.6.0-openjdk security update

2013-03-06 00:00:00

securityvulns

US-CERT Alert TA13-064A: Oracle Java Contains Multiple Vulnerabilities

2013-03-11 00:00:00

APPLE-SA-2013-03-04-1 Java for OS X 2013-002 and Mac OS X v10.6 Update 14

2013-03-11 00:00:00

[security bulletin] HPSBMU02964 rev.1 - HP Service Manager, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Remote Denial of Service (DoS), Execution of Arbitrary Code, Unauthorized Access, Disclosure of Informa

2014-03-03 00:00:00

centos

java security update

2013-03-06 21:08:42

java security update

2013-03-06 21:09:16

java security update

2013-03-06 21:15:03

ubuntu

OpenJDK 7 vulnerabilities

2013-03-07 00:00:00

OpenJDK 6 vulnerabilities

2013-03-05 00:00:00

amazon

Important: java-1.6.0-openjdk

2013-03-14 22:03:00

Important: java-1.7.0-openjdk

2013-03-14 22:03:00

suse

Security update for Java (critical)

2013-03-12 18:04:47

java-1_6_0-openjdk: update to 1.12.4 (important)

2013-03-12 11:04:28

java-1_6_0-openjdk: update to 1.12.4 (important)

2013-03-12 21:04:28

symantec

Oracle Java SE CVE-2013-1493 Remote Code Execution Vulnerability

2013-02-28 00:00:00

fedora

[SECURITY] Fedora 18 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc18

2013-03-14 02:56:25

[SECURITY] Fedora 17 Update: java-1.7.0-openjdk-1.7.0.9-2.3.8.0.fc17

2013-03-06 22:58:17

cert

Oracle Java contains multiple vulnerabilities

2013-03-05 00:00:00

ibm

Security Bulletin: Tivoli Storage Productivity Center affected by vulnerabilities in OpenSSL (CVE-2013-0169, CVE-2012-2686, CVE-2013-0166)

2022-08-19 18:23:31

Security Bulletin: Rational Functional Tester 8.x vulnerabilities due to security vulnerabilities in IBM JRE 7 SR3 or earlier, and non-IBM Java 7 (CVE-2013-0809, CVE-2013-1493, CVE-2013-0437, CVE-2012-1541, CVE-2013-0446, CVE-2012-3342, CVE-2013-0428)

2019-05-07 13:26:07

Security Bulletin: Multiple vulnerabilities in IBM Rational Build Forge (CVE-2012-3213, CVE-2013-0419, CVE-2013-0423, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0433, CVE-2013-0434, CVE-2013-0435, CVE-2013-0437, C

2018-06-17 04:45:23

qualysblog

Assess Your Risk From Ransomware Attacks, Powered by Qualys Research

2021-10-05 12:50:00

gentoo

IcedTea JDK: Multiple vulnerabilities

2014-06-29 00:00:00

Oracle JRE/JDK: Multiple vulnerabilities

2014-01-27 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.966 High

EPSS

Percentile

99.6%

JSON

Related for ZDI-13-149