CVE-2013-2421 – OpenJDK: Hotspot MethodHandle lookup error (Hotspot, 8009699)
https://notcve.org/view.php?id=CVE-2013-2421
Oracle has not commented on claims from another vendor that this issue is related to incorrect MethodHandle lookups, which allows remote attackers to bypass Java sandbox restrictions. ... Oracle no ha comentado sobre las afirmaciones de otro proveedor de que este problema está relacionado con búsquedas incorrectas de MethodHandle, lo que permite a los atacantes remotos omitir las restricciones del sandbox de Java. • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/hotspot/rev/663b5c744e82 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html http://mail& •
CVE-2013-2436 – Oracle Java MethodHandle Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2436
The issue lies in the ability to bypass restrictions enforced by restrictReceiver(). • http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/20f287fec09f http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html http://rhn.redhat.com/errata/RHSA-2013-0752.html http://rhn.redhat.com/errata/RHSA-2013-0757.html http://security.gentoo.org/glsa/glsa-201406-32.xml http://www-01.ibm.com/support/docview.wss?uid=swg21644197 http://www.mandriva.com/security/advisories •
CVE-2013-2552
https://notcve.org/view.php?id=CVE-2013-2552
Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013. Vulnerabilidad sin especificar en Microsoft Internet Explorer 10 sobre Windows 8, permite a atacantes remotos evitar el mecanismo de protección "sandbox" aprovechando el acceso a los procesos de integridad "Medium", como se ha demostrador por VUPEN durante la competición de Pwn2Own en CanSecWest 2013. • http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://twitter.com/VUPEN/statuses/309479075385327617 http://twitter.com/thezdi/statuses/309452625173176320 •
CVE-2013-2550 – Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2550
Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to bypass the sandbox protection mechanism via unknown vectors, as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013. Vulnerabilidad no especificada en Adobe Reader v11.0.02 permite a atacantes remotos eludir el mecanismo de protección de sandbox a través de vectores no especificados, como demostró George Hotz durante la competición Pwn2Own en CanSecWest 2013. • http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html http://security.gentoo.org/glsa/glsa-201308-03.xml http://twitter.com/thezdi/statuses/309771882612281344 http://www.adobe.com/support/security/bulletins/apsb13-15.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15992 •
CVE-2013-2549 – Adobe Reader Sandbox Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-2549
Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013. Vulnerabilidad no especificada en Adobe Reader v11.0.02 permite a atacantes remotos ejecutar código de su elección a través de vectores relacionados con "break into the sandbox", como demostró George Hotz durante la competición Pwn2Own en CanSecWest 2013. • http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157 http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00004.html http://rhn.redhat.com/errata/RHSA-2013-0826.html http://security.gentoo.org/glsa/glsa-201308-03.xml http://twitter.com/thezdi/statuses/309771882612281344 http://www.adobe.com/support/security/bulletins/apsb13-15.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16809 https://access.redhat.com • CWE-94: Improper Control of Generation of Code ('Code Injection') •