Opera < 10.53 Asynchronous Content Modification Uninitialized Memory Access

High Log Correlation Engine Plugin ID 800846

Synopsis

The version of Opera installed on the remote host is earlier than 10.53. Such versions are potentially affected by the following issue :

Description

- Multiple asynchronous calls to a script that modifies document content can be abused to reference an uninitialized value, leading to an application crash or possibly allowing execution of arbitrary code. (953)

Solution

Upgrade to Opera 10.53 or later.

See Also

h.ackack.net/?p=258

http://.opera.com/support/kb/view/953

http://.opera.com/docs/changelogs/windows/1053

Plugin Details

Severity: High

ID: 800846

File Name: 800846.prm

Family: Web Clients

Published: 2010/05/03

Nessus ID: 46204

Risk Information

Risk Factor: High

CVSSv2

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Patch Publication Date: 2010/04/30

Vulnerability Publication Date: 2010/04/27

Reference Information

CVE: CVE-2010-1728

BID: 39855