Lucene search
Vitaliy ToropovZDI-13-153HistoryJun 27, 2013 - 12:00 a.m.
Oracle Java AWT Memory Corruption Remote Code Execution Vulnerability
2013-06-2700:00:00
Vitaliy Toropov
www.zerodayinitiative.com
25
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.885 High
EPSS
Percentile
98.7%
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AWT mlib library. The issue lies in a failure to properly validate the number of channels leading to out-of-bounds array accesses. An attacker can leverage this vulnerability to execute code under the context of the current process.
Related
packetstorm
packetstorm
Java storeImageArray() Invalid Array Indexing
2013-08-16 00:00:00
thn
thn
Java-Bot, a Cross-platform malware launching DDoS attacks from infected computers
2014-01-29 00:58:00
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 04:15:00
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 15:15:00
threatpost
threatpost
Energy Watering Hole Attack Used LightsOut Exploit Kit
2014-03-13 13:56:15
Malicious Java App is Cross-Platform Botnet
2014-01-28 14:19:32
AskMen Purportedly Compromised by Nuclear Pack Kit
2014-06-24 09:10:34
cve
cve
CVE-2013-2465
2013-06-18 22:55:02
CVE-2013-2464
2013-06-18 22:55:00
saint
saint
Oracle Java Runtime Environment AWT storeImageArray Vulnerability
2013-08-30 00:00:00
Oracle Java Runtime Environment AWT storeImageArray Vulnerability
2013-08-30 00:00:00
Oracle Java Runtime Environment AWT storeImageArray Vulnerability
2013-08-30 00:00:00
metasploit
metasploit
Java storeImageArray() Invalid Array Indexing Vulnerability
2013-08-15 23:34:51
cisa_kev
cisa_kev
Oracle Java SE Unspecified Vulnerability
2022-03-28 00:00:00
symantec
symantec
Oracle Java SE CVE-2013-2465 Memory Corruption Vulnerability
2013-06-18 00:00:00
attackerkb
attackerkb
CVE-2013-2465
2013-06-18 00:00:00
CVE-2013-2464
2013-06-18 00:00:00
seebug
seebug
Java storeImageArray() Invalid Array Indexing Vulnerability
2014-07-01 00:00:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:33
Information Disclosure
2019-05-02 04:46:29
Privilege Escalation
2019-05-02 04:46:31
checkpoint_advisories
checkpoint_advisories
LightsOut/Hello Exploit Kit (CVE-2013-2465)
2014-07-03 00:00:00
zdt
zdt
Java storeImageArray() Invalid Array Indexing Vulnerability
2013-08-17 00:00:00
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
ubuntucve
ubuntucve
CVE-2013-2465
2013-06-18 00:00:00
CVE-2013-2464
2013-06-18 00:00:00
exploitdb
exploitdb
Java - 'storeImageArray()' Invalid Array Indexing (Metasploit)
2013-08-19 00:00:00
ibm
ibm
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2022-09-25 22:39:39
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-25 21:06:56
suse
suse
Security update for IBM Java 1.4.2 (important)
2013-08-05 20:04:12
Security update for java-1_4_2-ibm (important)
2013-07-27 17:04:24
Security update for java-1_6_0-openjdk (important)
2013-07-23 22:04:14
nessus
nessus
SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)
2013-07-28 00:00:00
SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)
2013-07-28 00:00:00
Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)
2013-07-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1264-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1293-2)
2021-06-09 00:00:00
Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)
2013-06-24 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
mageia
mageia
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
redhat
redhat
(RHSA-2013:1014) Important: java-1.6.0-openjdk security update
2013-07-03 00:00:00
(RHSA-2013:1081) Important: java-1.5.0-ibm security update
2013-07-16 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
centos
centos
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:43:01
java security update
2013-06-20 06:46:44
debian
debian
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:11:57
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:52:23
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
IcedTea Web update
2013-07-16 00:00:00
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0413
2023-06-19 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.885 High
EPSS
Percentile
98.7%
Related for ZDI-13-153