CVE-2013-1488

Oracle Java DriverManager Privilege Block Remote Code Execution Vulnerability

Severity Score

10.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

El componente Java Runtime Environment (JRE) en Java SE versión 7 Update 17 y anteriores, y OpenJDK versiones 6 y 7 de Oracle, permite a los atacantes remotos ejecutar código arbitrario por medio de vectores no especificados que implican reflexión, Libraries, "improper toString calls," y el administrador del controlador JDBC , como fue demostrado por James Forshaw durante una competencia de Pwn2Own en CanSecWest 2013.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the usage of java.sql.DriverManager. The issue lies in an implicit call to toString() that is made within a doPrivileged block. An attacker can leverage this vulnerability to execute code under the context of the current process.

*Credits: James Forshaw (tyranid)

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-01-30 CVE Reserved
2013-03-08 CVE Published
2013-06-11 First Exploit
2024-08-03 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (24)

URL	Tag	Source
http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released	X_refsource_confirm
http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released	X_refsource_confirm
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157	X_refsource_misc
http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/a19614a3dabb	X_refsource_misc
http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html	Mailing List
http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html	X_refsource_confirm
http://www.us-cert.gov/ncas/alerts/TA13-107A	Third Party Advisory
http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283	X_refsource_misc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16511	Signature
https://twitter.com/thezdi/status/309425888188043264	X_refsource_misc
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124	X_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130	X_refsource_confirm

URL	Date	SRC
https://www.exploit-db.com/exploits/26135	2013-06-11

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html	2017-09-19
http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html	2017-09-19
http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html	2017-09-19
http://rhn.redhat.com/errata/RHSA-2013-0752.html	2017-09-19
http://rhn.redhat.com/errata/RHSA-2013-0757.html	2017-09-19
http://security.gentoo.org/glsa/glsa-201406-32.xml	2017-09-19
http://www.mandriva.com/security/advisories?name=MDVSA-2013:145	2017-09-19
http://www.mandriva.com/security/advisories?name=MDVSA-2013:161	2017-09-19
http://www.ubuntu.com/usn/USN-1806-1	2017-09-19
https://bugzilla.redhat.com/show_bug.cgi?id=920247	2013-05-14
https://access.redhat.com/security/cve/CVE-2013-1488	2013-05-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Oracle Search vendor "Oracle"		Jdk Search vendor "Oracle" for product "Jdk"				1.7.0 Search vendor "Oracle" for product "Jdk" and version "1.7.0"		update17		Affected
Oracle Search vendor "Oracle"		Jre Search vendor "Oracle" for product "Jre"				1.7.0 Search vendor "Oracle" for product "Jre" and version "1.7.0"		update17		Affected