Opera < 9.10 Multiple Vulnerabilities

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is susceptible to
multiple issues.

Description :

The version of Opera installed on the remote host reportedly contains
a heap overflow vulnerability that can be triggered when processing
the DHT marker in a specially crafted JPEG image to crash the browser
or possibly allow execution of arbitrary code on the affected host.

In addition, another flaw in Opera's createSVGTransformFromMatrix
object typecasting may lead to a browser crash or arbitrary code
execution if support for JavaScript is enabled.

See also :

http://www.nessus.org/u?1e804d36
http://www.nessus.org/u?1770d0e0
http://www.securityfocus.com/archive/1/456053
http://www.securityfocus.com/archive/1/456066
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852

Solution :

Upgrade to Opera version 9.10 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 23977 ()

Bugtraq ID: 21882

CVE ID: CVE-2007-0126
CVE-2007-0127

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now