Multiple vulnerabilities in Opera

Posted: November 21, 2012 in Vulnerabilities
Tags: , ,

Opera Alert

Multiple vulnerabilities

Vulnerability: Multiple vulnerabilities in Opera

Danger: High
Patch: Yes
Number of vulnerabilities: 2

Vector of operation: Remote
Impact: Disclosure of sensitive data, system compromise
CWE ID: CWE-119: An error occurred in the buffer
CWE-200: Disclosures

Affected products: Opera 12.x

Affected versions: Opera version until 12.11

Description:

Which can be exploited by malicious people to gain access to sensitive information or execute arbitrary code on the target system.

1. An error in the processing of pages. This can be exploited to determine the existence of a file on the user’s system.

2. The vulnerability is caused due to an error when processing HTTP responses. This can be exploited via a specially crafted HTTP response heap overflow and execute arbitrary code on the target system.

Solution: Install the latest version 12.11 from the manufacturer.

links:

http://www.opera.com/docs/changelogs/unified/1211/
http://www.opera.com/support/kb/view/1036/
http://www.opera.com/support/kb/view/1037/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s