Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiVitaliy ToropovZDI-13-157
HistoryJun 27, 2013 - 12:00 a.m.

Oracle Java CMMImageLayout Memory Corruption Remote Code Execution Vulnerability

2013-06-2700:00:00
Vitaliy Toropov
www.zerodayinitiative.com
17

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.08 Low

EPSS

Percentile

94.3%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the CMMImageLayout class. The issue lies in the failure to validate every element of the data offsets array. An attacker can leverage this vulnerability to execute code under the context of the current process.

Related

prion 1
cve 1
attackerkb 1
ubuntucve 1
ibm 15
nessus 26
suse 11
openvas 13
redhat 7
veracode 10
securityvulns 1
gentoo 1
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
cve
cve
CVE-2013-2464
2013-06-18 22:55:00
attackerkb
attackerkb
CVE-2013-2464
2013-06-18 00:00:00
ubuntucve
ubuntucve
CVE-2013-2464
2013-06-18 00:00:00
ibm
ibm
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2022-09-25 22:39:39
Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities
2022-05-16 16:03:13
Security Bulletin: WebSphere Application Server - Oracle CPU shipped with Rational Application Developer for WebSphere Software June 2013 (CVE-2013-1571)
2020-02-05 00:09:48
nessus
nessus
SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)
2013-07-28 00:00:00
SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)
2013-07-28 00:00:00
SuSE 10 Security Update : java-1_5_0-ibm (ZYPP Patch Number 8653)
2013-07-28 00:00:00
suse
suse
Security update for IBM Java 1.4.2 (important)
2013-08-05 20:04:12
Security update for java-1_4_2-ibm (important)
2013-07-27 17:04:24
Security update for java-1_5_0-ibm (important)
2013-07-30 17:04:11
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1264-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1293-2)
2021-06-09 00:00:00
Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)
2013-06-24 00:00:00
redhat
redhat
(RHSA-2013:1081) Important: java-1.5.0-ibm security update
2013-07-16 00:00:00
(RHSA-2013:1059) Critical: java-1.6.0-ibm security update
2013-07-15 00:00:00
(RHSA-2013:0963) Critical: java-1.7.0-oracle security update
2013-06-20 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:46:29
Privilege Escalation
2019-05-02 04:46:31
Information Disclosure
2019-05-02 04:46:29
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
gentoo
gentoo
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.08 Low

EPSS

Percentile

94.3%

JSON
Related for ZDI-13-157
prion1cve1attackerkb1ubuntucve1ibm15nessus26suse11openvas13redhat7veracode10securityvulns1gentoo1