Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:63E74B1A446F7005BEB2A09AC8DDDC6F
HistorySep 04, 2013 - 12:00 a.m.

Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow

2013-09-0400:00:00
SAINT Corporation
download.saintcorporation.com
21

0.943 High

EPSS

Percentile

99.2%

JSON

Added: 09/04/2013
CVE: CVE-2013-2471
BID: 60659
OSVDB: 94357

Background

The Java Runtime Environment (JRE) is part of the Java Development Kit (JDK), a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java application; it consists of the Java Virtual Machine (JVM), core classes, and supporting files.

Problem

A buffer overflow vulnerability in the java.awt.image.IntegerComponentRaster class could allow a Java applet to execute arbitrary commands when a user loads a malicious web page.

Resolution

Upgrade to JRE 7 Update 22 or higher.

References

<http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html&gt;
<http://www.zerodayinitiative.com/advisories/ZDI-13-152/&gt;

Limitations

Exploit works on Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn). The exploit page must be opened in Internet Explorer.

Platforms

Windows

Related

saint 3
nvd 2
checkpoint_advisories 1
cve 2
veracode 11
symantec 1
zdi 1
ubuntucve 2
prion 2
cvelist 2
thn 2
attackerkb 1
ibm 15
suse 13
nessus 50
openvas 45
mageia 2
amazon 2
centos 3
redhat 10
oraclelinux 3
debian 2
ubuntu 3
securityvulns 1
gentoo 2
saint
saint
Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow
2013-09-04 00:00:00
Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow
2013-09-04 00:00:00
Java Runtime Environment java.awt.image.IntegerComponentRaster buffer overflow
2013-09-04 00:00:00
nvd
nvd
CVE-2013-2471
2013-06-18 22:55:02
CVE-2013-2464
2013-06-18 22:55:02
checkpoint_advisories
checkpoint_advisories
Oracle Java java.awt.image.IntegerComponentRaster Memory Corruption (CVE-2013-2471)
2013-08-27 00:00:00
cve
cve
CVE-2013-2471
2013-06-18 22:55:02
CVE-2013-2464
2013-06-18 22:55:02
veracode
veracode
Sandbox Restrictions Bypass
2019-05-02 04:45:33
Privilege Escalation
2019-05-02 04:46:31
Information Disclosure
2019-05-02 04:46:29
symantec
symantec
Oracle Java SE CVE-2013-2471 Buffer Overflow Vulnerability
2013-06-18 00:00:00
zdi
zdi
Oracle Java IntegerComponentRaster Buffer Overflow Remote Code Execution Vulnerability
2013-06-27 00:00:00
ubuntucve
ubuntucve
CVE-2013-2471
2013-06-18 00:00:00
CVE-2013-2464
2013-06-18 00:00:00
prion
prion
Design/Logic Flaw
2013-06-18 22:55:00
Design/Logic Flaw
2013-06-18 22:55:00
cvelist
cvelist
CVE-2013-2471
2013-06-18 22:00:00
CVE-2013-2464
2013-06-18 22:00:00
thn
thn
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 04:15:00
New Mac OS Malware exploited two known Java vulnerabilities
2013-09-24 15:15:00
attackerkb
attackerkb
CVE-2013-2464
2013-06-18 00:00:00
ibm
ibm
Security Bulletin: CICS Transaction Gateway for Multiplatforms
2022-09-25 22:39:39
Security Bulletin: Flex System Manager (FSM) – June 2013 Java Vulnerabilities
2022-05-16 16:03:13
Security Bulletin: Potential security vulnerabilities with JavaTM SDKs
2022-09-25 21:06:56
suse
suse
Security update for IBM Java 1.4.2 (important)
2013-08-05 20:04:12
Security update for java-1_4_2-ibm (important)
2013-07-27 17:04:24
Security update for IBMJava5 JRE and IBMJava5 SDK (important)
2013-08-02 23:04:12
nessus
nessus
SuSE 11.2 Security Update : java-1_4_2-ibm (SAT Patch Number 8109)
2013-07-28 00:00:00
SuSE 10 Security Update : java-1_4_2-ibm (ZYPP Patch Number 8652)
2013-07-28 00:00:00
Oracle Linux 5 / 6 : java-1.6.0-openjdk (ELSA-2013-1014)
2013-07-12 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2013:1264-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2013:1293-2)
2021-06-09 00:00:00
Oracle Java SE Multiple Vulnerabilities -03 June 13 (Windows)
2013-06-24 00:00:00
mageia
mageia
Updated java-1.6.0-openjdk packages fix security vulnerabilities
2013-07-16 11:26:07
Updated java-1.7.0-openjdk packages fix multiple security vulnerabilities
2013-06-26 22:13:26
amazon
amazon
Important: java-1.6.0-openjdk
2013-07-12 15:31:00
Important: java-1.7.0-openjdk
2013-06-20 14:14:00
centos
centos
java security update
2013-07-04 10:07:44
java security update
2013-06-20 06:43:01
java security update
2013-06-20 06:46:44
redhat
redhat
(RHSA-2013:1014) Important: java-1.6.0-openjdk security update
2013-07-03 00:00:00
(RHSA-2013:1081) Important: java-1.5.0-ibm security update
2013-07-16 00:00:00
(RHSA-2013:0957) Critical: java-1.7.0-openjdk security update
2013-06-19 00:00:00
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-07-03 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
java-1.7.0-openjdk security update
2013-06-19 00:00:00
debian
debian
[SECURITY] [DSA 2727-1] openjdk-6 security update
2013-07-25 21:11:57
[SECURITY] [DSA 2722-1] openjdk-7 security update
2013-07-15 15:52:23
ubuntu
ubuntu
OpenJDK 7 vulnerabilities
2013-07-16 00:00:00
IcedTea Web update
2013-07-16 00:00:00
OpenJDK 6 vulnerabilities
2013-07-23 00:00:00
securityvulns
securityvulns
Oracle Java multiple security vulnerabilities
2013-08-28 00:00:00
gentoo
gentoo
IcedTea JDK: Multiple vulnerabilities
2014-06-29 00:00:00
Oracle JRE/JDK: Multiple vulnerabilities
2014-01-27 00:00:00

0.943 High

EPSS

Percentile

99.2%

JSON
Related for SAINT:63E74B1A446F7005BEB2A09AC8DDDC6F
saint3nvd2checkpoint_advisories1cve2veracode11symantec1zdi1ubuntucve2prion2cvelist2thn2attackerkb1ibm15suse13nessus50openvas45mageia2amazon2centos3redhat10oraclelinux3debian2ubuntu3securityvulns1gentoo2