CVE-2013-1488

Published: 08 March 2013

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to execute arbitrary code via unspecified vectors involving reflection, Libraries, "improper toString calls," and the JDBC driver manager, as demonstrated by James Forshaw during a Pwn2Own competition at CanSecWest 2013.

Priority

Medium

Status

Package Release Status
openjdk-6
Launchpad, Ubuntu, Debian
Upstream Deferred
(2013-04-19)
openjdk-6b18
Launchpad, Ubuntu, Debian
Upstream Deferred
(2013-04-19)
openjdk-7
Launchpad, Ubuntu, Debian
Upstream Deferred
(2013-04-19)