Opera < 9.24 Multiple Vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by two
vulnerabilities.

Description :

The version of Opera installed on the remote host reportedly may allow
for arbitrary code execution if it has been configured to use an
external news reader or email client and a user views a
specially crafted web page.

In addition, it may also allow a script to bypass the same-origin
policy and overwrite functions on pages from other domains when
processing frames from different websites, which can be leveraged to
conduct cross-site scripting attacks.

See also :

http://www.opera.com/support/search/view/866/
http://www.opera.com/support/search/view/867/
http://www.opera.com/docs/changelogs/windows/924/

Solution :

Upgrade to Opera version 9.24 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 27506 ()

Bugtraq ID: 26100
26102

CVE ID: CVE-2007-5540
CVE-2007-5541

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now