CVE-2013-0402: Improper Restriction of Operations within the Bounds of a Memory Buffer in Oracle JavaFX

Severity: 10.0 CRITICAL (NVD)
EPSS: 5.1% (top 10.20%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 8; latest update May 5

Description

Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

CVSS vector

AV:N/AC:L/C:C/I:C/A:C
Exploitability: 10.0 | Impact: 10.0

Affected Packages (3 packages)

NVD: oracle/javafx 2.2.7
NVD: oracle/jdk 1.7.0
NVD: oracle/jre 1.7.0

🔴 Vulnerability Details (2)

GHSA
GHSA-8256-4rjv-442v: Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2 [2022-05-05]
CVEList
CVE-2013-0402: Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2 [2013-03-08]

💥 Exploits & PoCs (1)

Exploit-DB
Advantech Studio 7.0 - SCADA/HMI Directory Traversal [2012-12-04]

📋 Vendor Advisories (4)

Red Hat
JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX) [2013-04-16]
Red Hat
JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX) [2013-04-16]
Red Hat
JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX) [2013-04-16]
Red Hat
JDK: unspecified JavaFX buffer overflow leading to JVM compromise (CanSecWest 2013, JavaFX) [2013-03-06]

💬 Community (2)

Bugzilla
Oracle JDK: multiple unspecified JavaFX vulnerabilities fixed in 7u21 (JavaFX) [2013-04-17]
Bugzilla
CVE-2013-0402 Oracle JDK: unspecified JavaFX buffer overflow leading to JVM compromise (CanSecWest 2013, JavaFX) [2013-03-11]
CVE-2013-0402 — Oracle Javafx vulnerability | cvebase