VID |
28865 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of the Opera web browser older than 12.13 is installed on the host. Opera is a web browser, developed by Opera Software, for multiple operating systems. Opera versions prior to 12.13 are affected by multiple vulnerabilities:
- An error exists related to DOM manipulation that could lead to application crashes or arbitrary code execution. (1042)
- A use-after-free error exists related to SVG 'clipPaths' that could lead to memory corruption or arbitrary code execution. (1043)
- An error exists related to the TLS protocol, CBC mode encryption and response time. An attacker could obtain plaintext contents of encrypted traffic via timing attacks. (1044)
- The application could fail to make the proper 'pre-flight' Cross-Origin Resource Sharing (CORS) requests. In some situations this error could aid an attacker in cross-site request forgery (XSRF) attacks. (1045)
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.
* References:
  http://www.opera.com/support/kb/view/1042/
  http://www.opera.com/support/kb/view/1043/
  http://www.opera.com/support/kb/view/1044/
  http://www.opera.com/support/kb/view/1045/
  http://www.opera.com/docs/changelogs/unified/1213/
  http://cons0ul.wordpress.com/2013/01/31/opera-svg-tag-classic-use-after-free-vulnerability/
* Platforms Affected: Opera Software, Opera versions prior to 12.13 |
Recommendation |
Upgrade to the latest version of Opera (12.13 or later), available from the Opera Web site at http://www.opera.com/download/ |
Related URL |
CVE-2013-1618,CVE-2013-1637,CVE-2013-1638,CVE-2013-1639 (CVE) |
Related URL |
57633,57773 (SecurityFocus) |
Related URL |
(ISS) |