CVE-2013-0402

Heap-based buffer overflow in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via unspecified vectors related to JavaFX, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:C/I:C/A:C
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
oraclejavafx
𝑥
≤ 2.2.7
oraclejdk
1.7.0
oraclejre
1.7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
lucid
not-affected
hardy
ignored
openjdk-6b18
raring
dne
quantal
dne
precise
dne
oneiric
ignored
lucid
ignored
hardy
dne
openjdk-7
raring
Fixed 7u21-2.3.9-1ubuntu1
released
quantal
Fixed 7u21-2.3.9-0ubuntu0.12.10.1
released
precise
Fixed 7u21-2.3.9-0ubuntu0.12.04.1
released
oneiric
ignored
lucid
dne
hardy
dne