Multiple vulnerabilities
Vulnerability: Multiple vulnerabilities in Opera
Danger: High
Patch: Yes
Number of vulnerabilities: 2
Vector of operation: Remote
Impact: Disclosure of sensitive data, system compromise
CWE ID: CWE-119: An error occurred in the buffer
CWE-200: Disclosures
Affected products: Opera 12.x
Affected versions: Opera version until 12.11
Description:
Which can be exploited by malicious people to gain access to sensitive information or execute arbitrary code on the target system.
1. An error in the processing of pages. This can be exploited to determine the existence of a file on the user’s system.
2. The vulnerability is caused due to an error when processing HTTP responses. This can be exploited via a specially crafted HTTP response heap overflow and execute arbitrary code on the target system.
Solution: Install the latest version 12.11 from the manufacturer.
links:
http://www.opera.com/docs/changelogs/unified/1211/
http://www.opera.com/support/kb/view/1036/
http://www.opera.com/support/kb/view/1037/
