Summary
This host is installed with Opera and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code, perform distinguishing attacks and plaintext-recovery attacks or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Opera version 12.13 or later,
For updates refer to http://www.opera.com
Insight
- Does not send CORS preflight requests, this allows remote attackers to bypass CSRF protection mechanism via crafted site.
- Error with particular DOM events manipulation.
- SVG documents with crafted clipPaths allows content to overwrite memory.
- Does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding.
Affected
Opera version prior to 12.13 on Windows
References
Severity
Classification
-
CVE CVE-2013-1618, CVE-2013-1637, CVE-2013-1638, CVE-2013-1639 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Windows)