CVE-2013-1489

Sažetak

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

Reference

http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
http://seclists.org/fulldisclosure/2013/Jan/241
http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
http://www.kb.cert.org/vuls/id/858729
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://marc.info/?l=bugtraq&m=136439120408139&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19171
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15906
http://www.scmagazine.com.au/News/330453%2Cjava-still-unsafe-new-flaws-discovered.aspx

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 02:14

Objavljeno

31-01-2013 - 14:55