Opera < 12.02 Truncated Dialog Vulnerability

This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that is affected by a
truncated dialog vulnerability.

Description :

The version of Opera installed on the remote host is earlier than
12.02 and is, therefore, reportedly affected by a truncated dialog
vulnerability.

Certain user actions, when combined with specially crafted web pages,
can cause displayed dialog boxes to be too small thus allowing the
dialog buttons to be hidden. A user may be tricked into clicking
what appear to be elements on the underlying page, but are actually
the hidden dialog buttons. This can allow arbitrary code execution to
occur.

See also :

http://www.opera.com/support/kb/view/1028/
http://www.opera.com/docs/changelogs/unified/1202/

Solution :

Upgrade to Opera 12.02 or later.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 61732 ()

Bugtraq ID: 55301

CVE ID: CVE-2012-6460

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now