CVE-2008-4197

high

Description

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

References

Advisories
More

https://exchange.xforce.ibmcloud.com/vulnerabilities/44552

http://security.gentoo.org/glsa/glsa-200811-01.xml

http://www.openwall.com/lists/oss-security/2008/09/24/4

http://www.openwall.com/lists/oss-security/2008/09/19/2

http://bugs.gentoo.org/show_bug.cgi?id=235298

Details

Source: Mitre, NVD

Published: 2008-09-27

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.05873