Detections
Analytics

Opera < 12.01 Multiple Vulnerabilities

high Nessus Network Monitor Plugin ID 6551

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host is running the Opera web browser.

Versions of Opera earlier than 12.01 are potentially affected by multiple vulnerabilities :

 - An error exists in the handling of certain URLs that can lead to memory corruption and possible code execution. (1016)

 - Errors exist in the handling of DOM elements and certain HTML characters that can lead to cross-site scripting. (1025, 1026)

 - Download dialog boxes can be made small enough that users may not realize they are accepting a download and further, executing such a download. (1027)

 - An attacker could cause an application crash by tricking a user into connecting to a malicious site, as demonstrated by the Lenovo 'Shop Now' page. (CVE-2012-4146)

Solution

Upgrade to Opera 12.01 or later.

See Also

http://www.opera.com/support/kb/view/1016

http://www.opera.com/support/kb/view/1025

http://www.opera.com/support/kb/view/1026

http://www.opera.com/support/kb/view/1027

http://www.opera.com/docs/changelogs/windows/1201

Plugin Details

Severity: High

ID: 6551

Family: Web Clients

Published: 8/24/2012

Updated: 3/6/2019

Nessus ID: 61414

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Patch Publication Date: 6/14/2012

Vulnerability Publication Date: 6/14/2012

Reference Information

CVE: CVE-2012-3561, CVE-2012-4142, CVE-2012-4143, CVE-2012-4144, CVE-2012-4145, CVE-2012-4146

BID: 53474, 54779, 54780, 54782, 54788