Summary
This host is installed with Opera and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary script code, disclose sensitive information, or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Opera version 12.01 or later,
For updates refer to http://www.opera.com/
Insight
- Multiple unspecified errors.
- An error when certain characters in HTML documents are ignored under some circumstances, which allows to conduct XSS attacks.
- The improper implementation of download dialog feature, which allows attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.
- Fails to escape characters in DOM elements, which allows to conduct XSS attacks.
- An error caused via a crafted web site on Lenovos 'Shop now' page.
Affected
Opera version prior to 12.01 on Windows
References
Severity
Classification
-
CVE CVE-2012-4142, CVE-2012-4143, CVE-2012-4144, CVE-2012-4145, CVE-2012-4146 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)