CVE-2013-1491 — Code Injection in Oracle Javafx

CWE-94 — Code Injection10 documents4 sources

Severity

10.0CRITICALNVD

NVD7.6

EPSS

19.6%

top 4.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Javafx Oracle JDK Oracle JRE +2 more

Timeline

PublishedMar 8

Latest updateMay 17

Description

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages5 packages

▶NVDoracle/javafx2.2.7+8

▶NVDoracle/jdk1.7.0+5

▶NVDoracle/jre1.7.0+5

▶NVDsun/jdk1.5.0, 1.6.0+1

▶NVDsun/jre1.5.0, 1.6.0+1

🔴Vulnerability Details

GHSA

GHSA-w2h9-vx32-mw67: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5↗2022-05-17

▶

GHSA

GHSA-7569-gw6r-r73h: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5↗2022-05-14

▶

GHSA

GHSA-pm4f-9p32-rfm4: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5↗2022-05-14

▶

📋Vendor Advisories

Red Hat

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)↗2013-04-16

▶

Red Hat

JDK: unspecified vulnerability fixed in 7u21 and 6u45 (2D)↗2013-04-16

▶

Red Hat

JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)↗2013-03-06

▶

💬Community

Bugzilla

CVE-2013-1491 Oracle JDK: unspecified sanbox bypass (CanSecWest 2013, 2D)↗2013-03-11

▶