VID |
28829 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of the Opera web browser older than 11.01 is installed on the host. Opera is a web browser, developed by Opera Software, for multiple operating systems. Opera versions prior to 11.01 are affected by multiple vulnerabilities:
- The Cascading Style Sheets (CSS) Extensions for XML implementation recognizes links to javascript: URLs in the -o-link property, which could be abused to bypass CSS filtering. (CVE-2011-0681)
- An integer truncation error exists such that the application may crash when accessing web pages that contain forms having large numbers of items in an 'option' element. Such crashes may lead to memory corruption and allow code execution. (982)
- An error exists in the handling of internal 'opera:' URLs that can allow anti-clickjacking configuration options to be modified. (983)
- An error exists in the processing of certain HTTP requests and responses that can allow limited, unauthorized access to local files. (984)
- An error exists in the downloads manager that allows unintended executables to be used when attempting to open the folder containing a downloaded file. (985)
- An error exists in the private data deletion process that causes the removal of email passwords to be delayed. (986)
* Note: This check solely relied on the banner of the remote Web server to assess this vulnerability, so this might be a false positive.
* References:
  - http://www.opera.com/support/kb/view/982/
  - http://www.opera.com/support/kb/view/983/
  - http://www.opera.com/support/kb/view/984/
  - http://www.opera.com/support/kb/view/985/
  - http://www.opera.com/support/kb/view/986/
  - http://www.opera.com/docs/changelogs/windows/1101/
* Platforms Affected: Opera Software, Opera versions prior to 11.01 |
Recommendation |
Upgrade to the latest version of Opera (11.01 or later), available from the Opera Web site at http://www.opera.com/download/ |
Related URL |
CVE-2011-0450,CVE-2011-0681,CVE-2011-0682,CVE-2011-0683,CVE-2011-0684,CVE-2011-0685,CVE-2011-0686,CVE-2011-0687 (CVE) |
Related URL |
45951,46003,46036 (SecurityFocus) |
Related URL |
(ISS) |
|