QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0401

Published: Mar 8, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competition at CanSecWest 2013. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to invocation of the system class loader by the sun.awt.datatransfer.ClassLoaderObjectInputStream class, which allows remote attackers to bypass Java sandbox restrictions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2013:0835

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!

mailing-list

x_refsource_MLIST

SUSE-SU-2013:0871

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_MANDRIVA

third-party-advisory

x_refsource_CERT

http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_HP

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124

x_refsource_CONFIRM

openSUSE-SU-2013:0777

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_MANDRIVA

openSUSE-SU-2013:0964

vendor-advisory

x_refsource_SUSE

http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

https://twitter.com/thezdi/status/309784608508100608

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

oval:org.mitre.oval:def:16297

vdb-entry

signature

x_refsource_OVAL

oval:org.mitre.oval:def:19641

vdb-entry

signature

x_refsource_OVAL

oval:org.mitre.oval:def:19463

vdb-entry

signature

x_refsource_OVAL

https://bugzilla.redhat.com/show_bug.cgi?id=920245

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

SUSE-SU-2013:0814

vendor-advisory

x_refsource_SUSE

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/31c782610044

x_refsource_MISC

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

x_refsource_CONFIRM

http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/

x_refsource_CONFIRM

vendor-advisory

x_refsource_HP

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.