Opera < 9.64 Multiple Vulnerabilities

medium Nessus Network Monitor Plugin ID 4945

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The version of Opera installed on the remote host is earlier than 9.64 and is reportedly affected by multiple issues :

- A memory corruption vulnerability when processing specially crafted JPEG files could allow an attacker to execute arbitrary code with the privileges of the affected application. (926)

- It may be possible for certain plugins to execute arbitrary code in the context of a different domain. An attacker could exploit this to steal authentication credentials as well as carry out other attacks.

- A denial of service issue when the application handles a maliciously crafted web page containing 'HTMLSelectElement' object with a large length attribute.

Solution

Upgrade to version 9.64 or higher.

See Also

http://www.opera.com/support/kb/view/926

http://www.opera.com/docs/changelogs/windows/964

Plugin Details

Severity: Medium

ID: 4945

Family: Web Clients

Published: 3/4/2009

Updated: 3/6/2019

Nessus ID: 35761

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Reference Information

CVE: CVE-2009-0914, CVE-2009-0915, CVE-2009-0916

BID: 33961