CVE-2013-2465
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- March 05, 2013
- Published Date
- June 18, 2013
- Last Updated
- February 10, 2025
- Vendor
- Oracle
- Product
- Java SE
- Description
- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
cisa
malware
ransomware
metasploit_scanner
CVSS Scores
CVSS v3.1
9.8 - CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
10.0
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
SSVC Information
References
http://rhn.redhat.com/errata/RHSA-2013-1060.html
http://marc.info/?l=bugtraq&m=137545592101387&w=2
https://access.redhat.com/errata/RHSA-2014:0414
http://security.gentoo.org/glsa/glsa-201406-32.xml
http://www.securityfocus.com/bid/60657
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html
http://marc.info/?l=bugtraq&m=137545505800971&w=2
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html
http://secunia.com/advisories/54154
http://rhn.redhat.com/errata/RHSA-2013-1455.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19455
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19703
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/2a9c79db0040
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19074
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00029.html
http://rhn.redhat.com/errata/RHSA-2013-1059.html
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00000.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17106
http://rhn.redhat.com/errata/RHSA-2013-1081.html
http://www.us-cert.gov/ncas/alerts/TA13-169A
http://advisories.mageia.org/MGASA-2013-0185.html
http://rhn.redhat.com/errata/RHSA-2013-0963.html
http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html
https://bugzilla.redhat.com/show_bug.cgi?id=975118
http://rhn.redhat.com/errata/RHSA-2013-1456.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:183
http://www-01.ibm.com/support/docview.wss?uid=swg21642336
http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-03-28 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/java_storeimagearray.rb | 2025-04-29 11:01:20 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
java_storeimagearray
Type: metasploit • Created: Unknown
Metasploit module for CVE-2013-2465
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel
-
Detected by Metasploit