QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1493

Published: Mar 4, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

oval:org.mitre.oval:def:19246

vdb-entry

signature

x_refsource_OVAL

https://krebsonsecurity.com/2013/03/new-java-0-day-attack-echoes-bit9-breach/

x_refsource_MISC

openSUSE-SU-2013:0438

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

exploit

x_refsource_EXPLOIT-DB

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_MANDRIVA

http://www.oracle.com/technetwork/topics/security/alert-cve-2013-1493-1915081.html

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_HP

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_CERT

openSUSE-SU-2013:0430

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

https://twitter.com/jduck1337/status/307629902574800897

x_refsource_MISC

[distro-pkg-dev] 20130304 [SECURITY] IcedTea6 1.11.9 and 1.12.4 Released!

mailing-list

x_refsource_MLIST

SUSE-SU-2013:0434

vendor-advisory

x_refsource_SUSE

http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

x_refsource_MISC

vendor-advisory

x_refsource_HP

SUSE-SU-2013:0701

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_UBUNTU

vendor-advisory

x_refsource_HP

http://www.oracle.com/ocom/groups/public/%40otn/documents/webcontent/1915099.xml

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT-VN

https://bugzilla.redhat.com/show_bug.cgi?id=917553

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_HP

http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html

x_refsource_MISC

vendor-advisory

x_refsource_HP

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088

x_refsource_CONFIRM

oval:org.mitre.oval:def:19477

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.