Opera < 11.01 Multiple Vulnerabilities

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by multiple
vulnerabilities.

Description :

The version of Opera installed on the remote Windows host is earlier
than 11.01. Such versions are potentially affected by the following
issues :

- The Cascading Style Sheets (CSS) Extensions for XML
implementation recognizes links to javascript: URLs in
the -o-link property, which could be abused to bypass
CSS filtering. (CVE-2011-0681)

- An integer truncation error exists such that the
application may crash when accessing web pages that
contain forms having large numbers of items in an
'option' element. Such crashes may lead to memory
corruption and allow code execution. (982)

- An error exists in the handling of internal 'opera:'
URLs that can allow anti-clickjacking configuration
options to be modified. (983)

- An error exists in the processing of certain HTTP
requests and responses that can allow limited,
unauthorized access to local files. (984)

- An error exists in the downloads manager that allows
unintended executables to be used when attempting to
open the folder containing a downloaded file. (985)

- An error exists in the private data deletion process
that causes the removal of email passwords to be
delayed. (986)

See also :

http://www.opera.com/support/kb/view/982/
http://www.opera.com/support/kb/view/983/
http://www.opera.com/support/kb/view/984/
http://www.opera.com/support/kb/view/985/
http://www.opera.com/support/kb/view/986/
http://www.opera.com/docs/changelogs/windows/1101/

Solution :

Upgrade to Opera 11.01 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
