CVE-2013-2416

EXPLOITED

Oracle Java SE <7.17 - Info Disclosure

Exploitation Summary

CVE-2013-2416 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit.

AI-analyzed exploit summary: This advisory provides a detailed technical analysis of CVE-2013-2419, a memory corruption vulnerability in the Java Web Start Launcher's ActiveX control. It includes disassembly snippets, root cause analysis, and a proof-of-concept HTML/JS exploit that crashes javaws.exe.

Description

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

Exploits (1)

exploitdb · WRITEUP · dos · windows
https://www.exploit-db.com/exploits/24966

Classification: Writeup 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Java(TM) Web Start Launcher (deployJava1.dll) in Java SE 7 Update 17 and earlier, Java SE 6 Update 43 and earlier, Java SE 5.0 Update 41 and earlier
No auth needed
Prerequisites: Victim must use Internet Explorer with the Java ActiveX control enabled · Attacker must deliver malicious HTML/JS to the victim
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0757.html
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA13-107A
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16464

Scores

EPSS 0.3762
EPSS Percentile 97.3%

Details

VulnCheck KEV 2024-05-06
Status published
Products (4)
oracle/jdk 1.7.0 (13 CPE variants)
oracle/jdk < 1.7.0
oracle/jre 1.7.0 (13 CPE variants)
oracle/jre < 1.7.0
Published Apr 17, 2013
Tracked Since Feb 18, 2026