CVE-2013-1493

EXPLOITED IN THE WILD · RANSOMWARE

Oracle JRE < 1.7.0 - Remote Code Execution via Crafted Image Raster Parameters

Exploitation Summary

CVE-2013-1493 has been observed exploited in the wild (reported by VulnCheck KEV and InTheWild.io), including in ransomware campaigns. EIP tracks 2 public exploits, credited to Metasploit, Unknown, and juan vazquez, including the Metasploit module exploits/windows/browser/java_cmm.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2013-1493, a vulnerability in Java's Color Management Module (CMM) to achieve remote code execution. It leverages a malicious Java applet to bypass sandbox restrictions, targeting Java 7u15 and earlier, as well as 6u41 and earlier.

Description

The color management (CMM) functionality in the 2D component in Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (crash) via an image with crafted raster parameters, which triggers (1) an out-of-bounds read or (2) memory corruption in the JVM, as exploited in the wild in February 2013.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/24904

This Metasploit module exploits CVE-2013-1493, a vulnerability in Java's Color Management Module (CMM) to achieve remote code execution. It leverages a malicious Java applet to bypass sandbox restrictions, targeting Java 7u15 and earlier, as well as 6u41 and earlier.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle Java Runtime Environment (JRE) 7u15 and earlier, 6u41 and earlier
No auth needed
Prerequisites: Victim must accept the Java warning to run the applet · Target must have a vulnerable version of Java installed
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
by Unknown, juan vazquez · ruby · poc · java
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/java_cmm.rb

This Metasploit module exploits CVE-2013-1493, a vulnerability in Java's Color Management Module (CMM) that allows remote code execution. It leverages malicious Java applet classes to bypass sandbox restrictions and execute arbitrary code on vulnerable Java versions (7u15 and earlier, 6u41 and earlier).

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Oracle Java Runtime Environment (JRE) 7u15 and earlier, 6u41 and earlier
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Victim must accept the Java applet warning (click-to-play not bypassed)
devstral-2 · analyzed Feb 19, 2026

References (31)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0604.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1456.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0603.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0601.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19246
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24904
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58238
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029803
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136570436423916&w=2
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-064A
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136439120408139&w=2
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1755-2
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/688246
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=917553
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0088
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19477

Scores

EPSS 0.9161
EPSS Percentile 99.7%

Details

VulnCheck KEV 2013-03-04
InTheWild.io 2017-09-19
Ransomware Use Confirmed
CWE: CWE-119
Status: published
Products (9)
oracle/jdk 1.6.0 update22 (16 CPE variants)
oracle/jdk 1.5.0 update36 (2 CPE variants)
oracle/jdk 1.7.0 (12 CPE variants)
oracle/jdk < 1.5.0
oracle/jdk < 1.6.0
oracle/jdk < 1.7.0
oracle/jre 1.7.0 (12 CPE variants)
oracle/jre 1.5.0 update36 (2 CPE variants)
oracle/jre 1.6.0 update22 (3 CPE variants)
Published Mar 05, 2013
Tracked Since Feb 18, 2026