Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2013-1493

Vulnerability Summary

This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and previous versions and 6u41 and previous versions and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems. This exploit doesn't bypass click-to-play, so the user must accept the java warning in order to run the malicious applet.

Vendor Advisories

Red Hat: Critical: java-1.6.0-sun security update
Synopsis Critical: java-160-sun security update Type/Severity Security Advisory: Critical Topic Updated java-160-sun packages that fix two security issues are nowavailable for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having criticalsecuri ...
Red Hat: Critical: java-1.7.0-oracle security update
Synopsis Critical: java-170-oracle security update Type/Severity Security Advisory: Critical Topic Updated java-170-oracle packages that fix two security issues are nowavailable for Red Hat Enterprise Linux 5 and 6 SupplementaryThe Red Hat Security Response Team has rated this update as having critical ...

Exploits

Exploit DB: Java CMM Remote Code Execution
This Metasploit module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013 The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP SP3 and Windows 7 SP1 systems This exploi ...

References

https://access.redhat.com/errata/RHSA-2013:0601https://packetstormsecurity.com/files/120999/Java-CMM-Remote-Code-Execution.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671unauthorizedCVE-2024-4776CVE-2024-3407CVE-2024-26026CVE-2024-32888wirelessCVE-2024-4656template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook