Signature Detail

Short Name	HTTP:STC:JAVA:FONT-PROCESSING
Severity	High
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Oracle Java Font Processing Memory Corruption
Release Date	2013/06/05
Update Number	2270
Supported Platforms	idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Oracle Java Font Processing Memory Corruption

This signature detects attempts to exploit a known vulnerability against Oracle Java Font Processing. A successful attack can lead to arbitrary code execution.

Extended Description

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Affected Products

oracle jdk 1.7.0 (update17)
oracle jre 1.7.0 (update17)

References

BugTraq: 59154
CVE: CVE-2013-1491

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Oracle Java Font Processing Memory Corruption

Extended Description

Affected Products

References