CVE-2013-1489
HIGH severity · CVSS 10
10CVSS HIGH
Summary
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
Impact & exploitability
Attack vectorNetwork
Attack complexityLow
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)8%
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (6)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
- http://marc.info/?l=bugtraq&m=136439120408139&w=2
- http://marc.info/?l=bugtraq&m=136733161405818&w=2
- http://rhn.redhat.com/errata/RHSA-2013-0237.html
- http://seclists.org/fulldisclosure/2013/Jan/241
- http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
- http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
- http://www.kb.cert.org/vuls/id/858729