Detections
Analytics

Opera < 11.52 Multiple Vulnerabilities

high Log Correlation Engine Plugin ID 800854

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host is running the Opera web browser.

Versions of Opera earlier than 11.52 are potentially affected by multiple vulnerabilities :

- An error exists in the handling of certain font manipulations inside dynamically added or specifically embedded SVG images or SVG content in nested frames. This error can cause the application to crash and can possibly allow arbitrary code execution. (Issue 1002)

 - Several unspecified error exist that can allow stack overflows leading to browser crashes.

Solution

Upgrade to Opera 11.52 or later.

See Also

http://.opera.com/support/kb/view/1002

http://.opera.com/docs/changelogs/windows/1152

spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html

downloads.securityfocus.com/vulnerabilities/exploits/50044.rb

Plugin Details

Severity: High

ID: 800854

Family: Web Clients

Published: 10/27/2011

Nessus ID: 56585

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Patch Publication Date: 10/19/2011

Vulnerability Publication Date: 10/10/2011

Reference Information

BID: 50044, 50320