Summary
The host is installed with Opera and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let the attacker crash the browser leading to denial of service, execute the arbitrary code or disclose the information.
Impact Level: System/Application
Solution
Upgrade to Opera version 12.10 or later,
For updates refer to http://www.opera.com/
Insight
- Internet shortcuts used for phishing in '<img>' elements.
- Specially crafted WebP images can be used to disclose random chunks of memory.
- Specially crafted SVG images can allow execution of arbitrary code.
- Cross domain access to object constructors can be used to facilitate cross-site scripting.
- Data URIs can be used to facilitate Cross-Site Scripting.
- CORS requests can incorrectly retrieve contents of cross origin pages.
- Certificate revocation service failure may cause Opera to show an unverified site as secur.
Affected
Opera version before 12.10 on Mac OS X
References
- http://www.opera.com/docs/changelogs/unified/1210/
- http://www.opera.com/support/kb/view/1029/
- http://www.opera.com/support/kb/view/1030/
- http://www.opera.com/support/kb/view/1031/
- http://www.opera.com/support/kb/view/1032/
- http://www.opera.com/support/kb/view/1033/
- http://www.opera.com/support/kb/view/1034/
- http://www.opera.com/support/kb/view/1035/
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-6461, CVE-2012-6462, CVE-2012-6463, CVE-2012-6464, CVE-2012-6465, CVE-2012-6466, CVE-2012-6467 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
- Adobe Flash Media Server Multiple Remote Security Vulnerabilities
- Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)