Opera Remote Code Execution And Information Disclosure Vulnerabilities (Win) Network Vulnerability

Summary

The host is installed with Opera Web Browser and is prone to remote code execution and information disclosure Vulnerabilities.

Impact

Successful remote attack could inject arbitrary code, launch cross site attacks, information disclosure and can even steal related DB (DataBase) contents. Impact Level: Application

Solution

Upgrade to Opera 9.60 or later http://www.opera.com/download/

Insight

Flaws are due to, - an error in Opera.dll, that fails to anchor identifier (optional argument) - an unknown error in predicting the cache pathname of a cached Java applet and then launching this applet from the cache.

Affected

Opera version prior to 9.60 on Windows.

References

http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4694, CVE-2008-4695

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)

Opera Remote Code Execution and Information Disclosure Vulnerabilities (Win)

Take action and discover your vulnerabilities