Unrated severityNVD Advisory· Published Mar 8, 2013· Updated Apr 29, 2026
CVE-2013-1491
CVE-2013-1491
Description
The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.
Affected products
2- cpe:2.3:a:oracle:jdk:1.7.0:update17:*:*:*:*:*:*
- cpe:2.3:a:oracle:jre:1.7.0:update17:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- www.us-cert.gov/ncas/alerts/TA13-107AnvdUS Government Resource
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jspnvd
- h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157nvd
- lists.apple.com/archives/security-announce/2013/Apr/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.htmlnvd
- marc.infonvd
- rhn.redhat.com/errata/RHSA-2013-0757.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0758.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1455.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1456.htmlnvd
- www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.htmlnvd
- www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16663nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19482nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19553nvd
- twitter.com/thezdi/status/309438311112507392nvd
News mentions
0No linked articles in our index yet.