1. Home
  2. CVE Database
  3. CVE-2013-1491
HIGH · 10.0

CVE-2013-1491

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to exec...

Vulnerability Description

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
OracleJdk1.7.0
OracleJre1.7.0

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2013-1491?

CVE-2013-1491 is a vulnerability with a CVSS score of 10.0 (HIGH). The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to exec...

How severe is CVE-2013-1491?

CVE-2013-1491 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-1491?

Check the references section above for vendor advisories and patch information. Affected products include: Oracle Jdk, Oracle Jre.