Opera Browser 'document.write()' Code Execution Vulnerability (Windows) Network Vulnerability

Summary

The host is installed with Opera web browser and is prone to arbitrary code execution vulnerability.

Impact

Successful exploitation will allow remote attackers to corrupt memory and execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact Level: Application

Solution

Upgrade to the opera version 10.53 or later, For updates refer to http://www.opera.com/download/?os=windows&list=all

Insight

The flaw is due to an error when continuously modifying document content on a web page using 'document.write()' function.

Affected

Opera version prior to 10.53 on Windows.

References

http://secunia.com/advisories/39590
http://www.opera.com/docs/changelogs/windows/1053/
http://www.opera.com/support/kb/view/953/
http://www.vupen.com/english/advisories/2010/0999
http://xforce.iss.net/xforce/xfdb/58231

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1728

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities -01 Feb13 (Linux)
Adobe Air Remote Code Execution Vulnerability -June13 (Windows)

Opera Browser 'document.write()' Code execution Vulnerability (Windows)

Take action and discover your vulnerabilities