CVE-2013-0402

EPSS 5.06%
Veröffentlicht 08.03.2013 18:55:01
Zuletzt bearbeitet 29.04.2026 01:13:23
Quelle secalert_us@oracle.com
CVE-Watchlists
Login
Unerledigt
Login

Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

NVD 3 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Oracle ≫ Javafx Version <= 2.2.7

Oracle ≫ Jdk Version1.7.0 Updateupdate17

Oracle ≫ Jre Version1.7.0 Updateupdate17

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.06%	0.895

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

http://rhn.redhat.com/errata/RHSA-2013-0757.html

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Vendor Advisory

http://www.us-cert.gov/ncas/alerts/TA13-107A

US Government Resource

http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15728

https://twitter.com/thezdi/status/309484730506698752

https://nvd.nist.gov/vuln/detail/CVE-2013-0402

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-0402

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-0402

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2013-0402