Published: 18/06/2013 Updated: 13/05/2022

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and previous versions, 6 Update 45 and previous versions, and 5.0 Update 45 and previous versions, and OpenJDK 7, allows remote malicious users to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote malicious users to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."

Vulnerable Product	Search on Vulmon	Subscribe to Product
oracle jre 1.7.0
oracle jre
oracle jdk 1.7.0
oracle jdk
sun jre 1.6.0
oracle jre 1.6.0
sun jdk 1.6.0
oracle jdk 1.6.0
sun jre 1.5.0
oracle jre 1.5.0
sun jdk 1.5.0
oracle jdk 1.5.0

Synopsis Low: Red Hat Network Satellite server IBM Java Runtime security update Type/Severity Security Advisory: Low Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Network Satellite Server 55The Red Hat Security Response Team has rated this update as ha ...

Synopsis Low: Red Hat Network Satellite server IBM Java Runtime security update Type/Severity Security Advisory: Low Topic Updated java-160-ibm packages that fix several security issues are nowavailable for Red Hat Network Satellite Server 54The Red Hat Security Response Team has rated this update as ha ...

Several security issues were fixed in OpenJDK 6 ...

IcedTea Web updated to work with new OpenJDK 7 ...

Several security issues were fixed in OpenJDK 7 ...

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service For the oldstable distribution (squeeze), these problems have been fixed in version 6b27-1126-1~deb6u1 For the stable dis ...

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in the execution of arbitrary code, breakouts of the Java sandbox, information disclosure or denial of service For the stable distribution (wheezy), these problems have been fixed in version 7u25-2310-1~deb7u1 In addition icedtea-we ...

Multiple flaws were discovered in the ImagingLib and the image attribute, channel, layout and raster processing in the 2D component An untrusted Java application or applet could possibly use these flaws to trigger Java Virtual Machine memory corruption (CVE-2013-2470, CVE-2013-2471, CVE-2013-2472, CVE-2013-2473, CVE-2013-2463, CVE-2013-2465, CVE- ...

# Exploit Title: Oracle Java lookupByteBI function heap buffer overflow # Google Dork: # Date: 2013-09-03 # Exploit Author: GuHe # Vendor Homepage: wwworaclecom/ # Software Link: wwworaclecom/technetwork/java/javase/downloads/indexhtml # Version: 7u21 and eariler # Tested on: Windows 7 # CVE : CVE-2013-2470 PoC: githubc ...

NVD-CWE-noinfo http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/89d9ec9e80c1 https://bugzilla.redhat.com/show_bug.cgi?id=975099 http://rhn.redhat.com/errata/RHSA-2013-0963.html http://secunia.com/advisories/54154 http://www-01.ibm.com/support/docview.wss?uid=swg21642336 http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html http://rhn.redhat.com/errata/RHSA-2013-1081.html http://rhn.redhat.com/errata/RHSA-2013-1060.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 http://rhn.redhat.com/errata/RHSA-2013-1455.html http://rhn.redhat.com/errata/RHSA-2013-1456.html http://www.us-cert.gov/ncas/alerts/TA13-169A http://marc.info/?l=bugtraq&m=137545592101387&w=2 http://marc.info/?l=bugtraq&m=137545505800971&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2013:183 http://rhn.redhat.com/errata/RHSA-2013-1059.html http://advisories.mageia.org/MGASA-2013-0185.html http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.securityfocus.com/bid/60651 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19655 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19517 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19348 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16806 http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html https://access.redhat.com/errata/RHSA-2014:0414 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2013:1456 https://usn.ubuntu.com/1908-1/https://www.exploit-db.com/exploits/28050/

CVE-2013-2470

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect