CVE-2013-1489

 

Published at: - 31-01-2013 03:55

Last modified: - 06-10-2022 02:13

Total changes: - 2

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:C/I:C/A:C

 

Verification logic

 

Reference

• http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
• http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
• http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
• http://www.scmagazine.com.au/News/330453,java-still-unsafe-new-flaws-discovered.aspx
• 20130127 [SE-2012-01] An issue with new Java SE 7 security features-
• http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
• http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
• RHSA-2013:0237-
• TA13-032A-US Government Resource
• VU#858729-US Government Resource
• HPSBMU02874-
• HPSBUX02857-
• oval:org.mitre.oval:def:19171-
• oval:org.mitre.oval:def:15906-

 

Keywords

NVD

 

CVE-2013-1489

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures