Opera < 11.52 Multiple Vulnerabilities

High Log Correlation Engine Plugin ID 800854

Synopsis

The remote host has a web browser installed that is vulnerable to multiple attack vectors.

Description

The remote host is running the Opera web browser.

Versions of Opera earlier than 11.52 are potentially affected by multiple vulnerabilities :

- An error exists in the handling of certain font manipulations inside dynamically added or specifically embedded SVG images or SVG content in nested frames. This error can cause the application to crash and can possibly allow arbitrary code execution. (Issue 1002)

- Several unspecified error exist that can allow stack overflows leading to browser crashes.

Solution

Upgrade to Opera 11.52 or later.

See Also

http://.opera.com/support/kb/view/1002

http://.opera.com/docs/changelogs/windows/1152

spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html

downloads.securityfocus.com/vulnerabilities/exploits/50044.rb

Plugin Details

Severity: High

ID: 800854

File Name: 800854.prm

Family: Web Clients

Published: 2011/10/27

Nessus ID: 56585

Risk Information

Risk Factor: High

CVSSv2

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Patch Publication Date: 2011/10/19

Vulnerability Publication Date: 2011/10/10

Reference Information

BID: 50044, 50320