Opera < 10.53 Asynchronous Content Modification Uninitialized Memory Access

high Log Correlation Engine Plugin ID 800846

Synopsis

The version of Opera installed on the remote host is earlier than 10.53. Such versions are potentially affected by the following issue :

Description

- Multiple asynchronous calls to a script that modifies document content can be abused to reference an uninitialized value, leading to an application crash or possibly allowing execution of arbitrary code. (953)

Solution

Upgrade to Opera 10.53 or later.

See Also

h.ackack.net/?p=258

http://.opera.com/support/kb/view/953

http://.opera.com/docs/changelogs/windows/1053

Plugin Details

Severity: High

ID: 800846

Family: Web Clients

Published: 5/3/2010

Nessus ID: 46204

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

Patch Publication Date: 4/30/2010

Vulnerability Publication Date: 4/27/2010

Reference Information

CVE: CVE-2010-1728

BID: 39855