Opera Remote Code Execution And Information Disclosure Vulnerabilities (Linux) Network Vulnerability

Summary

The host is installed with Opera Web Browser and is prone to remote code execution and information disclosure Vulnerabilities.

Impact

Successful remote attack could inject arbitrary code, launch cross site attacks, information disclosure and can even steal related DB (DataBase) contents. Impact Level: Application

Solution

Upgrade to Opera 9.60 or later http://www.opera.com/download/

Insight

Flaws are due to, - an error in Opera.dll, that fails to anchor identifier (optional argument) - an unknown error predicting the cache pathname of a cached Java applet and then launching this applet from the cache.

Affected

Opera version prior to 9.60 on Linux.

References

http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4694, CVE-2008-4695

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Jun14 (Windows)

Opera Remote Code Execution and Information Disclosure Vulnerabilities (Linux)

Take action and discover your vulnerabilities