Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiVitaliy ToropovZDI-13-154
HistoryJun 27, 2013 - 12:00 a.m.

Oracle Java ByteComponentRaster Buffer Overflow Remote Code Execution Vulnerability

2013-06-2700:00:00
Vitaliy Toropov
www.zerodayinitiative.com
21

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.945 High

EPSS

Percentile

99.2%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the java.awt.image.ByteComponentRaster class. The issue lies in the failure to properly verify that a buffer is large enough prior to copying data into it. An attacker can leverage this vulnerability to execute code under the context of the current process.

Related

saint 4
checkpoint_advisories 2
prion 2
cve 2
veracode 11
ubuntucve 2
threatpost 1
attackerkb 1
ibm 15
nessus 50
suse 13
openvas 45
oraclelinux 3
redhat 10
centos 3
amazon 2
mageia 2
debian 2
ubuntu 3
securityvulns 1
gentoo 2
saint
saint
Oracle Java java.awt.image.ByteComponentRaster Overflow
2013-10-24 00:00:00
Oracle Java java.awt.image.ByteComponentRaster Overflow
2013-10-24 00:00:00
Oracle Java java.awt.image.ByteComponentRaster Overflow
2013-10-24 00:00:00
checkpoint_advisories
checkpoint_advisories
Oracle Java java.awt.image.ByteComponentRaster Memory Corruption - Ver2 (CVE-2013-2473)
2014-04-16 00:00:00
Oracle Java java.awt.image.ByteComponentRaster Memory Corruption (CVE-2013-2473)
2013-09-09 00:00:00
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
cve
cve
CVE-2013-2473
2013-06-18 22:55:00
CVE-2013-2464
2013-06-18 22:55:00
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:33
Privilege Escalation
2019-05-02 04:46:31
Information Disclosure
2019-05-02 04:46:29
ubuntucve
ubuntucve
CVE-2013-2473
2013-06-18 00:00:00
CVE-2013-2464
2013-06-18 00:00:00
threatpost
threatpost
Many Flash, Java Users Running Older, Vulnerable Versions
2013-09-06 07:40:52
attackerkb
attackerkb
CVE-2013-2464
2013-06-18 00:00:00
ibm
ibm
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2022-09-25 22:39:39
Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities
2022-05-16 16:03:13
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-25 21:06:56
nessus
nessus
SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)
2013-07-28 00:00:00
SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)
2013-07-28 00:00:00
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2013-207)
2013-09-04 00:00:00
suse
suse
Security update for IBM Java 1.4.2 (important)
2013-08-05 20:04:12
Security update for java-1_4_2-ibm (important)
2013-07-27 17:04:24
Security update for java-1_5_0-ibm (important)
2013-07-30 17:04:11
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1264-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1293-2)
2021-06-09 00:00:00
Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)
2013-06-24 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
redhat
redhat
(RHSA-2013:1014) Important: java-1.6.0-openjdk security update
2013-07-03 00:00:00
(RHSA-2013:1081) Important: java-1.5.0-ibm security update
2013-07-16 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
centos
centos
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:43:01
java security update
2013-06-20 06:46:44
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
mageia
mageia
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
debian
debian
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:12:25
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:53:07
ubuntu
ubuntu
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
IcedTea Web update
2013-07-16 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.945 High

EPSS

Percentile

99.2%

JSON
Related for ZDI-13-154
saint4checkpoint_advisories2prion2cve2veracode11ubuntucve2threatpost1attackerkb1ibm15nessus50suse13openvas45oraclelinux3redhat10centos3amazon2mageia2debian2ubuntu3securityvulns1gentoo2