CVE-2013-2416
Published 2013-04-17
Priority: P274 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 8.77% (94.5th percentile)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | jdk | <= 1.7.0 | — |
| oracle | jdk | — | — |
| oracle | jre | <= 1.7.0 | — |
| oracle | jre | — | — |
Detection & IOCs
- Monitor for Internet Explorer loading deployJava1.dll and subsequently spawning javaws.exe with unusual or malformed arguments, particularly a second (pEmbedded) argument.
- This vulnerability is Windows/Internet Explorer-specific (ActiveX); non-Windows Java SE deployments are not affected and can be excluded from triage.
- The SEC Consult advisory was initially published with an incorrect CVE identifier (CVE-2013-2419); the correct CVE for this ActiveX memory corruption issue is CVE-2013-2416.
- Affected versions span multiple Java SE release trains: 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier.
CVSS provenance
- nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
- vulncheck: 4.3 MEDIUM
- vendor_redhat: 4.3 MEDIUM
Red Hat
JDK: unspecified vulnerability fixed in 7u21 (Deployment)
vendor_redhat · 2013-04-16 · CVSS 4.3
GHSA
GHSA-jqx5-64jc-mg47: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect
ghsa_unreviewed · 2022-05-17
VulnCheck
Oracle Java SE 7 Update 17 and earlier Java Runtime Environment (JRE) Vulnerability
vulncheck · 2013 · CVSS 4.3
Affected: Oracle Java Runtime Environment (JRE)
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.fortinet.com/content/dam/fortinet/assets/threat-reports/threat-landscape-report-2h-2023.pdf
No detection rules found.
- http://rhn.redhat.com/errata/RHSA-2013-0757.html
- http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html
- http://www.us-cert.gov/ncas/alerts/TA13-107A
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16464