Vulnerability Description
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Jdk | 1.7.0 |
| Oracle | Jre | 1.7.0 |
| Chrome | - | |
| Microsoft | Internet Explorer | - |
| Mozilla | Firefox | All versions |
| Opera | Opera Browser | - |
References
- http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-jav
- http://marc.info/?l=bugtraq&m=136439120408139&w=2
- http://marc.info/?l=bugtraq&m=136733161405818&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0237.html
- http://seclists.org/fulldisclosure/2013/Jan/241
- http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-atte
- http://www.informationweek.com/security/application-security/java-security-work-
- http://www.kb.cert.org/vuls/id/858729US Government Resource
- http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.htmlVendor Advisory
- http://www.scmagazine.com.au/News/330453%2Cjava-still-unsafe-new-flaws-discovere
- http://www.us-cert.gov/cas/techalerts/TA13-032A.htmlUS Government Resource
- http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-700001042
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-jav
FAQ
What is CVE-2013-1489?
CVE-2013-1489 is a vulnerability with a CVSS score of 10.0 (HIGH). Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrom...
How severe is CVE-2013-1489?
CVE-2013-1489 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1489?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jdk, Oracle Jre, Google Chrome, Microsoft Internet Explorer, Mozilla Firefox.