Detections
Analytics

Opera < 11.52 Multiple Vulnerabilities

high Nessus Plugin ID 56585

Language:

Synopsis

The remote host contains a web browser that is affected by multiple vulnerabilities.

Description

The version of Opera installed on the remote Windows host is prior to 11.52. It is, therefore, affected by multiple vulnerabilities :

 - An unspecified use-after-free error exists due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted web page, to dereference already freed memory, resulting in a crash of the browser. (CVE-2011-4152)

 - An error exists related to the handling of certain font manipulations inside dynamically added or specifically embedded SVG images or SVG content in nested frames. A remote attacker can exploit this to crash the application or execute arbitrary code.
 (BID 50044 / Issue #1002)

 - Multiple unspecified errors exist that allow an attacker to cause a stack overflow condition, resulting in a browser crash.

Solution

Upgrade to Opera 11.52 or later.

See Also

http://www.nessus.org/u?89f357a0

http://www.nessus.org/u?e94f90d9

http://www.nessus.org/u?c1a34bd3

https://downloads.securityfocus.com/vulnerabilities/exploits/50044.rb

Plugin Details

Severity: High

ID: 56585

File Name: opera_1152.nasl

Version: 1.9

Type: Local

Agent: windows

Family: Windows

Published: 10/21/2011

Updated: 5/27/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-4152

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Required KB Items: installed_sw/Opera

Exploit Ease: No known exploits are available

Patch Publication Date: 10/19/2011

Vulnerability Publication Date: 10/10/2011

Reference Information

CVE: CVE-2011-4152

BID: 50044, 50320