Source: SAINT Corporation
ID: SAINT:F7618DCB66682A3F976EA5F620B3D5EF
Published: Oct 24, 2013

Oracle Java java.awt.image.ByteComponentRaster Overflow

www.saintcorporation.com

EPSS: 0.949 (percentile: 99.3%)

Added: 10/24/2013
CVE: CVE-2013-2473
BID: 60623
OSVDB: 94336

Background

Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This makes it well suited to applications that must run on various hardware platforms, such as web applets.

Problem

A vulnerability in the java.awt.image.ByteComponentRaster class of the Java Runtime Environment could allow a remote attacker to execute arbitrary code if a user is tricked into opening a specially crafted web page.

Resolution

Apply patches as described in the Oracle Java SE Critical Patch Update Advisory - June 2013.

References

<http://www.zerodayinitiative.com/advisories/ZDI-13-154/>

Limitations

The exploit works on Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The target user must open the exploit file in Internet Explorer on Windows.

Platforms

Windows