Oracle Java Runtime Environment AWT storeImageArray Vulnerability

Added: 08/30/2013
CVE: CVE-2013-2465
BID: 60657
OSVDB: 94339

Background

Java Runtime Environment (JRE) allows end users to run Java applications.

Problem

A buffer overflow vulnerability in the storeImageArray function of the Abstract Window Toolkit (AWT) library (awt.dll) allows command execution when a user loads a specially crafted web page.

Resolution

Apply patches as described in the June 2013 Oracle Critical Patch Update.

References

http://www.zerodayinitiative.com/advisories/ZDI-13-153/

Limitations

This exploit has been tested against Oracle JRE 7 Update 21 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).

The user must open the exploit with Internet Explorer on the target.

Platforms

Windows
