CVE-2013-2416
published 2013-04-17

Priority: P2 74, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 8.77% (94.5th percentile)

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

Affected

4 ranges

Vendor | Product | Version range | Fixed in
oracle | jdk | <= 1.7.0 |
oracle | jdk | |
oracle | jre | <= 1.7.0 |
oracle | jre | |

Detection & IOCs (extracted from sources)

filename: deployJava1.dll
process: javaws.exe
  • Monitor for Internet Explorer loading deployJava1.dll and subsequently spawning javaws.exe with unusual or malformed arguments, particularly a second (pEmbedded) argument.
  • This vulnerability is Windows/Internet Explorer-specific (ActiveX); non-Windows Java SE deployments are not affected and can be excluded from triage.
  • The SEC Consult advisory was initially published with an incorrect CVE identifier (CVE-2013-2419); the correct CVE for this ActiveX memory corruption issue is CVE-2013-2416.
  • Affected versions span multiple Java SE release trains: 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier.

CVSS provenance

nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N
vulncheck | 4.3 | MEDIUM
vendor_redhat | 4.3 | MEDIUM