CVE-2013-1488

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
oracleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
oraclejdk
1.7.0
oraclejre
1.7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openjdk-6
raring
Fixed 6b27-1.12.5-1ubuntu1
released
quantal
Fixed 6b27-1.12.5-0ubuntu0.12.10.1
released
precise
Fixed 6b27-1.12.5-0ubuntu0.12.04.1
released
oneiric
Fixed 6b27-1.12.5-0ubuntu0.11.10.1
released
lucid
Fixed 6b27-1.12.5-0ubuntu0.10.04.1
released
hardy
ignored
openjdk-6b18
raring
dne
quantal
dne
precise
dne
oneiric
ignored
lucid
ignored
hardy
dne
openjdk-7
raring
Fixed 7u21-2.3.9-1ubuntu1
released
quantal
Fixed 2013-04-19
released
precise
Fixed 7u21-2.3.9-0ubuntu0.12.04.1
released
oneiric
Fixed 7u21-2.3.9-0ubuntu0.11.10.1
released
lucid
dne
hardy
dne
References