Opera < 9.60 Multiple Vulnerabilities

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by several
issues.

Description :

The version of Opera installed on the remote host is earlier than 9.60
and thus reportedly affected by several issues :

- Specially crafted URLs can cause Opera to crash or allow
arbitrary code execution.

- Once a Java applet has been cached, a page that can
predict the cache path for that applet can load it from
cache thereby causing it to run in the security context
of the local machine, allowing for reading of other
files from the cache.

See also :

http://www.opera.com/support/search/view/901/
http://www.opera.com/support/search/view/902/
http://www.opera.com/docs/changelogs/windows/960/

Solution :

Upgrade to Opera 9.60 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 34368 ()

Bugtraq ID: 31631
31643

CVE ID: CVE-2008-4694
CVE-2008-4695

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now