cbcvebase.
CVE-2013-1491
published 2013-03-08

CVE-2013-1491: The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7…

PriorityP359critical10CVSS 2.0
AVNACLAuNCCICAC
EPSS
16.42%
96.6th percentile
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Affected

25 ranges
VendorProductVersion rangeFixed in
oraclejavafx<= 2.2.7
oraclejavafx
oraclejavafx
oraclejavafx
oraclejavafx
oraclejavafx
oraclejavafx
oraclejavafx
oraclejavafx
oraclejdk<= 1.7.0
oraclejdk<= 1.6.0
oraclejdk<= 1.5.0
oraclejdk
oraclejdk
oraclejdk
oraclejre<= 1.7.0
oraclejre<= 1.6.0
oraclejre<= 1.5.0
oraclejre
oraclejre
oraclejre
sunjdk
sunjdk
sunjre
sunjre

CVSS provenance

nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat10.0CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.