Opera < 7.54 location Object Crafted URL Arbitrary Local File Access

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.

Synopsis :

The remote host contains a web browser that is affected by
multiple flaws.

Description :

The version of Opera on the remote host fails to block write access to
the 'location' object. This could allow a user to create a specially
crafted URL to overwrite methods within the 'location' object that would
execute arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of confidentiality
and integrity.

See also :


Solution :

Upgrade to Opera 7.54 or newer.

Risk factor :

Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.1
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 14261 ()

Bugtraq ID: 10873

CVE ID: CVE-2004-2570

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now