| VID |
28695 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Opera web browser which is older than version 9.10 has been installed on the host. Opera is a Web browser, developed by Opera Software, for multiple operating systems. Opera versions prior to 9.10 are vulnerable to a heap-based buffer overflow vulnerability when processing the DHT marker in a specially-crafted JPEG image. In addition, an error within createSVGTransformFromMatrix() can be exploited by passing an incorrect object to the said function. Successful exploitation of these vulnerabilities allow execution of arbitrary code. A remote attacker could construct a hostile Web site containing an overly long URL in a tag, which would be executed in the victim's Web browser within the security context of the hosting site, once the malicious link is clicked.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457
http://www.securityfocus.com/archive/1/456053
http://www.securityfocus.com/archive/1/456066
http://secunia.com/advisories/23613/
* Platforms Affected:
Opera Software, Opera versions prior to 9.10
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Opera (9.10 or later), available from the Opera Web site at http://www.opera.com/download/ |
| Related URL |
(CVE) |
| Related URL |
21882 (SecurityFocus) |
| Related URL |
31305 (ISS) |
|
