what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 14 of 14 RSS Feed

CVE-2013-1493

Status Candidate

Overview

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

Related Files

HP Security Bulletin HPSBMU02964 2
Posted May 13, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02964 2 - Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues. Revision 2 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, xss
advisories | CVE-2013-1493, CVE-2013-2067, CVE-2013-6202
SHA-256 | 7536e013715c64e1f248c90d283d725b3de0798c35db1e550b482af5f497718f
HP Security Bulletin HPSBMU02964
Posted Feb 24, 2014
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02964 - Potential security vulnerabilities have been identified with HP Service Manager. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Denial of Service (DoS), execution of arbitrary code, unauthorized access, disclosure of Information, and authentication issues. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability, xss, csrf
advisories | CVE-2013-1493, CVE-2013-2067, CVE-2013-6202
SHA-256 | c063f157a63c0bae841f9ebeda8031d30b8036d3ba7f4f41bb8a0666b7788340
Java CMM Remote Code Execution
Posted Mar 28, 2013
Authored by juan vazquez, temp66 | Site metasploit.com

This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.

tags | exploit, java, arbitrary
systems | windows
advisories | CVE-2013-1493, OSVDB-90737
SHA-256 | 257e7dc02cc758e02ddfc07622def557b152de2354df0f2e8e6ddd5a95045d43
Red Hat Security Advisory 2013-0624-01
Posted Mar 11, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0624-01 - IBM J2SE version 5.0 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update fixes several vulnerabilities in the IBM Java Runtime Environment and the IBM Java Software Development Kit.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0409, CVE-2013-0424, CVE-2013-0425, CVE-2013-0426, CVE-2013-0427, CVE-2013-0428, CVE-2013-0432, CVE-2013-0433, CVE-2013-0434, CVE-2013-0440, CVE-2013-0442, CVE-2013-0443, CVE-2013-0445, CVE-2013-0450, CVE-2013-0809, CVE-2013-1476, CVE-2013-1478, CVE-2013-1480, CVE-2013-1481, CVE-2013-1486, CVE-2013-1493
SHA-256 | 1aa3a61ce84d8dfe3989766a7d64b1570da3b7bf518c863cc35cbbfe38e7ca3d
Mandriva Linux Security Advisory 2013-021
Posted Mar 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-021 - Multiple security issues were identified and fixed in OpenJDK. The 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via vectors that trigger a write of arbitrary memory in the JVM, as exploited in the wild in February 2013. Unspecified vulnerability in the 2D component in the Java Runtime Environment component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2013-1493. The updated packages provides icedtea6-1.11.9 which is not vulnerable to these issues.

tags | advisory, java, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | 5b454321a55eb475ee4170f49c5dd25c68794fe01d96b8252b64fbb67b52fb24
Ubuntu Security Notice USN-1755-2
Posted Mar 8, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1755-2 - USN-1755-1 fixed vulnerabilities in OpenJDK 6. This update provides the corresponding updates for OpenJDK 7. It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. Various other issues were also addressed.

tags | advisory, remote, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0809, CVE-2013-1493, CVE-2013-0809, CVE-2013-1493
SHA-256 | f6df39f955594ea9216c4b8dd6ae813b8290b144bf93b3ea8c98f431ac8ef370
Red Hat Security Advisory 2013-0604-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0604-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | fcd9969a38c85228f7ca9170261f28e98703f293a9d058a6d777b3bd4614528a
Red Hat Security Advisory 2013-0603-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0603-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | 9277b9f954bbf26ebfd21be9bbb223309fcabd745ba6239e42466b4ce3619d74
Red Hat Security Advisory 2013-0602-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0602-01 - These packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | 006689926e05cd513152e32213025ecfe6d53e1e946057df17e9c53131bc1a0f
Red Hat Security Advisory 2013-0605-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0605-01 - These packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Software Development Kit. An integer overflow flaw was found in the way the 2D component handled certain sample model instances. A specially-crafted sample model instance could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges. It was discovered that the 2D component did not properly reject certain malformed images. Specially-crafted raster parameters could cause Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with virtual machine privileges.

tags | advisory, java, overflow, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | bd6fda8b783af23447ab7dce72a23af050b31847850dc60e49d2d16016daf7ee
Red Hat Security Advisory 2013-0601-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0601-01 - Oracle Java SE version 6 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. All users of java-1.6.0-sun are advised to upgrade to these updated packages, which provide Oracle Java 6 Update 43. All running instances of Oracle Java must be restarted for the update to take effect.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | cd5621dfa11a423f7e2dd0bc78bcbbebd77d20d8de7879e5ff7541d5e0807d1d
Red Hat Security Advisory 2013-0600-01
Posted Mar 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0600-01 - Oracle Java SE version 7 includes the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. This update fixes two vulnerabilities in the Oracle Java Runtime Environment and the Oracle Java Software Development Kit. Further information about these flaws can be found on the Oracle Security Alert page, listed in the References section. All users of java-1.7.0-oracle are advised to upgrade to these updated packages, which provide Oracle Java 7 Update 17 and resolve these issues. All running instances of Oracle Java must be restarted for the update to take effect.

tags | advisory, java, vulnerability
systems | linux, redhat
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | 78e394bd3978d85f81bf585e1a65ad138e184f2e62db033ad702df80a4ad8e1a
Ubuntu Security Notice USN-1755-1
Posted Mar 6, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1755-1 - It was discovered that OpenJDK did not properly validate certain types of images. A remote attacker could exploit this to cause OpenJDK to crash. It was discovered that OpenJDK did not properly check return values when performing color conversion for images. If a user were tricked into opening a crafted image with OpenJDK, such as with the Java plugin, a remote attacker could cause OpenJDK to crash or execute arbitrary code outside of the Java sandbox with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, java, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2013-0809, CVE-2013-1493, CVE-2013-0809, CVE-2013-1493
SHA-256 | fd1813b8a70a9be8697c148673b902f68c148dbdd12ab1ae7e74fb7ff68d27ee
Apple Security Advisory 2013-03-04-1
Posted Mar 5, 2013
Authored by Apple | Site apple.com

Apple Security Advisory 2013-03-04-1 - Multiple vulnerabilities existed in Java 1.6.0_41, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox, have been addressed.

tags | advisory, java, arbitrary, vulnerability
systems | apple
advisories | CVE-2013-0809, CVE-2013-1493
SHA-256 | 486fbb59279643ffefc29cb9c279270f2e09f0a3061209f032b324a9f5df9eb3
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close