CVE-2013-1489
Published Jan 31, 2013
Last updated a year ago
Overview
- Description
- Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.
- Source
- secalert_us@oracle.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-noinfo
Evaluator
- Comment
- Per: http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html "This issue (CVE-2013-1489) has been discussed publicly and is sometimes known as the "Java Security Slider vulnerability". It has a CVSS of 0 because it does not directly result in an exploitation, but may be combined with other vulnerabilities to allow blind exploitation. When the Security Slider is set to the default (high) all unsigned applets must be authorized via a dialog box by a browser user in order to execute. This provides the browser operator the opportunity to prevent execution of suspicious applets that may result in successful exploits. However, when CVE-2013-1489 is combined with vulnerabilities that can be used to cause direct impacts, the effect can be that the impact can be caused "silently" without the authorization dialog box."
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update10:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "1C74FCFD-B3D1-48D5-9CD0-99DE675B8643"
},
{
"criteria": "cpe:2.3:a:oracle:jdk:1.7.0:update11:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "88BF7EF1-A70B-4BA3-A564-9E14ECFD098A"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update10:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "70E771E8-F2A9-4A8D-BD7A-B2D69828675B"
},
{
"criteria": "cpe:2.3:a:oracle:jre:1.7.0:update11:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "9752AB75-1457-4A6A-A310-29410A0905C2"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C"
},
{
"criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396"
},
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "14E6A30E-7577-4569-9309-53A0AF7FE3AC"
},
{
"criteria": "cpe:2.3:a:opera:opera_browser:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4545786D-3129-4D92-B218-F4A92428ED48"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]