CVSS2 score: 10 (High)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS score: 0.97 (High)
EPSS Percentile: 99.7%
Added: 05/24/2013
CVE: CVE-2013-1488
BID: 58504
OSVDB: 91472
Oracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit (JDK) and the Java Runtime Environment (JRE). The JRE provides the minimum requirements for executing a Java application (e.g., an applet) and consists of the Java Virtual Machine (JVM), core classes and supporting files.
A vulnerability in the **java.sql.DriverManager** class allows arbitrary command execution outside the security sandbox due to an implicit call to the **toString()** method that is made within a doPrivileged block.
Upgrade to the current version of Java SE.
<http://www.zerodayinitiative.com/advisories/ZDI-13-076/>
<http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html>
Exploit works on JRE 7 Update 17 on Windows XP SP3 (DEP OptIn), Windows 7 SP1 (DEP OptIn), and Ubuntu 12.10, and requires the user to open the exploit page in Internet Explorer on Windows or Firefox on Linux.
Platforms: Windows, Linux