Opera < 9.24 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 800827

Synopsis

The remote host contains a web browser that is affected by two vulnerabilities.

Description

The version of Opera installed on the remote host reportedly may allow for arbitrary code execution if it has been configured to use an external news reader or email client and a user views a specially-crafted web page. In addition, it may also allow a script to bypass the same-origin policy and overwrite functions on pages from other domains when processing frames from different web sites, which can be leveraged to conduct cross-site scripting attacks.

Solution

Upgrade to version 9.24 or higher.

See Also

http://.opera.com/support/search/view/866

http://.opera.com/support/search/view/867

http://.opera.com/docs/changelogs/windows/924

Plugin Details

Severity: High

ID: 800827

File Name: 800827.prm

Family: Web Clients

Nessus ID: 27506

Risk Information

Risk Factor: High

CVSSv2

Base Score: 5.4

Temporal Score: 4

Vector: CVSS2#AV:A/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Reference Information

CVE: CVE-2007-5540, CVE-2007-5541

BID: 26100, 26102