
Web Attack: Oracle Java SE CVE-2013-2465 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a vulnerability in the Java Runtime Environment that could result in remote code execution.

Additional Information

Oracle Java SE is prone to a memory-corruption vulnerability in the Java Runtime Environment. The 'IntegerInterleavedRaster.verify()' method does not validate its input properly: setting the 'numDataElements' field to 0 bypasses the 'dataOffsets[]' boundary checks. Specifically, this issue exists within the AWT 'mlib' library. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage.

Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
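
The flaw class described above, shown as an added example that is not Oracle's or Symantec's code: a simplified model in which the bounds checks run only inside a loop driven by 'numDataElements', next to a stricter form that cannot be skipped. The class name, the other fields and the sample values are assumptions made for illustration.

```java
// Simplified model of the check described above; NOT the JDK's IntegerInterleavedRaster source.
// Only dataOffsets and numDataElements are names from the page; everything else is hypothetical.
public class RasterVerifyDemo {
    final int[] data, dataOffsets;
    final int numDataElements, width, height, scanlineStride;

    RasterVerifyDemo(int[] data, int[] dataOffsets, int numDataElements,
                     int width, int height, int scanlineStride) {
        this.data = data; this.dataOffsets = dataOffsets;
        this.numDataElements = numDataElements;
        this.width = width; this.height = height; this.scanlineStride = scanlineStride;
    }

    // Weak form: every bounds check sits inside a loop driven by numDataElements,
    // so a count of 0 means dataOffsets[] is never validated at all.
    boolean verifyLoopOnly() {
        for (int i = 0; i < numDataElements; i++) {
            if (!offsetInBounds(dataOffsets[i])) return false;
        }
        return true;
    }

    // Stricter form: reject inconsistent metadata first, then check every offset
    // unconditionally, independent of the caller-influenced element count.
    boolean verifyStrict() {
        if (numDataElements <= 0 || numDataElements > dataOffsets.length) return false;
        if (width <= 0 || height <= 0 || scanlineStride < width) return false;
        for (int off : dataOffsets) {
            if (!offsetInBounds(off)) return false;
        }
        return true;
    }

    // Highest index touched is off + (height-1)*scanlineStride + (width-1);
    // computed in long so the arithmetic itself cannot overflow.
    private boolean offsetInBounds(int off) {
        if (off < 0) return false;
        long last = (long) off + (long) (height - 1) * scanlineStride + (width - 1);
        return last < data.length;
    }

    public static void main(String[] args) {
        int[] pixels = new int[16]; // constructed 4x4 sample buffer
        RasterVerifyDemo sane = new RasterVerifyDemo(pixels, new int[]{0}, 1, 4, 4, 4);
        RasterVerifyDemo odd = new RasterVerifyDemo(pixels, new int[]{1_000_000}, 0, 4, 4, 4);
        System.out.println("sane: loopOnly=" + sane.verifyLoopOnly() + " strict=" + sane.verifyStrict());
        System.out.println("odd:  loopOnly=" + odd.verifyLoopOnly() + " strict=" + odd.verifyStrict());
    }
}
```

The second object carries an out-of-range offset together with a zero element count; only the stricter check rejects it, which is why metadata handed to native code has to be validated independently of any caller-influenced count.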

Affected

This vulnerability affects the following supported versions:

  • 7 Update 21
  • 6 Update 45
  • 5.0 Update 45

Response

Updates are available. Please see the references or vendor advisory for more information.