CVE-2013-1491

Oracle JDK and JRE - Remote Code Execution via 2D Component

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1491. PoCs published by guhe120.

AI-analyzed exploit summary This is a working proof-of-concept exploit for CVE-2013-1491, a Java memory corruption vulnerability, using JIT-spraying to achieve remote code execution. The exploit generates and loads multiple classes to spray the heap and includes shellcode to spawn a calculator as a demonstration.

Description

The Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to execute arbitrary code via vectors related to 2D, as demonstrated by Joshua Drake during a Pwn2Own competition at CanSecWest 2013.

Exploits (1)

nomisec WORKING POC 9 stars

by guhe120 · poc

https://github.com/guhe120/CVE20131491-JIT

View Code ZIP pw:eip

This is a working proof-of-concept exploit for CVE-2013-1491, a Java memory corruption vulnerability, using JIT-spraying to achieve remote code execution. The exploit generates and loads multiple classes to spray the heap and includes shellcode to spawn a calculator as a demonstration.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Java Runtime Environment (JRE) 7u17

No auth needed

Prerequisites: JRE 7u17 · Windows 7 32-bit · Java applet execution context

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0758.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1455.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-0757.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1456.html

Various Sources x_refsource_misc

https://twitter.com/thezdi/status/309438311112507392

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19553

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/ncas/alerts/TA13-107A

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=137283787217316&w=2

Vendor Advisory vendor-advisory x_refsource_hp

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16663

Various Sources x_refsource_misc

http://www.zdnet.com/pwn2own-down-go-all-the-browsers-7000012283/

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19482

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html

Various Sources x_refsource_misc

http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

Scores

EPSS 0.1642

EPSS Percentile 96.6%

Details

CWE

CWE-94

Status published

Products (2)

oracle/jdk 1.7.0 update17

oracle/jre 1.7.0 update17

Published Mar 08, 2013

Tracked Since Feb 18, 2026