HTTP: Oracle Java Font Processing Memory Corruption

This signature detects attempts to exploit a known vulnerability against Oracle Java Font Processing. A successful attack can lead to arbitrary code execution.

Extended Description

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Affected Products

Oracle jre

References

BugTraq: 59154

CVE: CVE-2013-1491

Short Name
HTTP:STC:JAVA:FONT-PROCESSING
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2013-1491 Corruption Font Java Memory Oracle Processing bid:59154
Release Date
06/06/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Oracle

CVSS Score

10.0

Found a potential security threat?