Vulnerability Database

289,871

Total vulnerabilities in the database

CVE-2013-1488

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

  • Published: Mar 8, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-1488
  • Severity: High
  • Exploit:

CVSS v2:

  • Severity: High
  • Score: 10
  • AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
oracle / jdk 1.7.0-update17 1.7.0-update17.x
oracle / jre 1.7.0-update17 1.7.0-update17.x