CVE-2013-1489 Information

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and execute unsigned Java code without prompting the user via unknown vectors, aka "Issue 53" and the "Java Security Slider" vulnerability.

Reference

http://blogs.computerworld.com/malware-and-vulnerabilities/21693/yet-another-java-security-flaw-discovered-number-53
http://marc.info/?l=bugtraq&m=136439120408139&w=2
http://marc.info/?l=bugtraq&m=136733161405818&w=2
http://rhn.redhat.com/errata/RHSA-2013-0237.html
http://seclists.org/fulldisclosure/2013/Jan/241
http://thenextweb.com/insider/2013/01/28/new-vulnerability-bypasses-oracles-attempt-to-stop-malware-drive-by-downloads-via-java-applets/
http://www.informationweek.com/security/application-security/java-security-work-remains-bug-hunter-sa/240147150
http://www.kb.cert.org/vuls/id/858729
http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html
http://www.scmagazine.com.au/News/330453java-still-unsafe-new-flaws-discovered.aspx
http://www.us-cert.gov/cas/techalerts/TA13-032A.html
http://www.zdnet.com/java-update-doesnt-prevent-silent-exploits-at-all-7000010422/
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A15906
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A19171
