Oracle Java SE Remote Heap Buffer Overflow Vulnerability

Bugtraq ID:	58397
Class:	Boundary Condition Error
CVE:	CVE-2013-0402
Remote:	Yes
Local:	No
Published:	Mar 07 2013 12:00AM
Updated:	Mar 19 2015 09:31AM
Credit:	Florent Hochwelker of VUPEN Security
Vulnerable:	Sun JRE (Windows Production Release) 1.7.0_4 Sun JRE (Windows Production Release) 1.7.0_2 Sun JDK (Windows Production Release) 1.7 Sun JDK (Windows Production Release) 1.7.0_4 Sun JDK (Windows Production Release) 1.7.0_2 Red Hat Enterprise Linux Workstation Supplementary 6 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Server Supplementary 6 Red Hat Enterprise Linux HPC Node Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 5 client IBM Maximo Asset Management Essentials 7.5 IBM Maximo Asset Management Essentials 7.1 IBM Maximo Asset Management Essentials 6.2 IBM Maximo Asset Management 7.5 IBM Maximo Asset Management 7.1 IBM Maximo Asset Management 6.2 IBM Lotus Notes 8.5.3 IBM Lotus Notes 8.5.2 IBM Lotus Notes 8.5.1 IBM Lotus Notes 8.0.2 IBM Lotus Notes 8.5.2.3 IBM Lotus Notes 8.5.2.2 IBM Lotus Notes 8.5.2.1 IBM Lotus Notes 8.5.1.5 IBM Lotus Notes 8.5.1.4 IBM Lotus Notes 8.5.1.3 IBM Lotus Notes 8.5.1.2 IBM Lotus Notes 8.5.0.1 IBM Lotus Notes 8.5 IBM Lotus Notes 8.0.2.6 IBM Lotus Notes 8.0.2.5 IBM Lotus Notes 8.0.2.4 IBM Lotus Notes 8.0.2.3 IBM Lotus Notes 8.0.2.2 IBM Lotus Notes 8.0.2.1 IBM Lotus Notes 8.0 IBM Lotus Domino 8.5.3 IBM Lotus Domino 8.5.2 IBM Lotus Domino 8.5.1 IBM Lotus Domino 8.5 IBM Lotus Domino 8.0.2 IBM Lotus Domino 8.0.1 IBM Lotus Domino 8.5.1.1 IBM Lotus Domino 8.5.0.1 IBM Lotus Domino 8.0.2.4 IBM Lotus Domino 8.0.2.3 IBM Lotus Domino 8.0.2.2 IBM Lotus Domino 8.0.2.1 IBM Lotus Domino 8.0 Gentoo Linux Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya Proactive Contact 5.0 Avaya Message Networking 5.2.1 Avaya Message Networking 5.2.4 Avaya Message Networking 5.2.3 Avaya Message Networking 5.2.2 Avaya Meeting Exchange 5.2 Avaya IP Office Application Server 8.1 Avaya IP Office Application Server 8.0 Avaya Communication Server 1000M Signaling Server 7.5 Avaya Communication Server 1000M Signaling Server 7.0 Avaya Communication Server 1000M Signaling Server 6.0 Avaya Communication Server 1000M 7.5 Avaya Communication Server 1000M 7.0 Avaya Communication Server 1000M 6.0 Avaya Communication Server 1000E Signaling Server 7.5 Avaya Communication Server 1000E Signaling Server 7.0 Avaya Communication Server 1000E Signaling Server 6.0 Avaya Communication Server 1000E 7.5 Avaya Communication Server 1000E 7.0 Avaya Communication Server 1000E 6.0 Avaya Aura System Manager 6.2 Avaya Aura System Manager 6.1.3 Avaya Aura System Manager 6.1.2 Avaya Aura System Manager 6.1.1 Avaya Aura System Manager 6.1 SP2 Avaya Aura System Manager 6.1 Sp1 Avaya Aura System Manager 6.1 Avaya Aura System Manager 6.0 SP1 Avaya Aura System Manager 6.0 Avaya Aura System Manager 5.2 Avaya Aura SIP Enablement Services 5.2.1 Avaya Aura SIP Enablement Services 5.2 Avaya Aura Session Manager 6.2.1 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.2 Avaya Aura Session Manager 6.1 SP2 Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Presence Services 6.1.1 Avaya Aura Presence Services 6.1 Avaya Aura Presence Services 6.0 Avaya Aura Messaging 6.1 + Avaya Communication Manager Server DEFINITY Server SI/CS + Avaya Communication Manager Server S8100 + Avaya Communication Manager Server S8300 + Avaya Communication Manager Server S8500 + Avaya Communication Manager Server S8700 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Application Server 5300 SIP Core 2.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2
Not Vulnerable:

Oracle Java SE Remote Heap Buffer Overflow Vulnerability

Oracle Java SE is prone to a remote heap-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the application.

Oracle Java SE Remote Heap Buffer Overflow Vulnerability

Exploitation of this issue was demonstrated at the Pwn2Own contest, but the exploit is not publicly available.

A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.

Oracle Java SE Remote Heap Buffer Overflow Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Oracle Java SE Remote Heap Buffer Overflow Vulnerability

References: