NASLDB: Opera < 11.64 URL Parsing Memory Corruption
General
ID: 59089
Name: Opera < 11.64 URL Parsing Memory Corruption
Summary: Checks version number of Opera
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: –
Family: Windows
Type: Local
Description
The version of Opera installed on the remote Windows host is earlier
than 11.64 and is, therefore, potentially affected by a memory
corruption vulnerability.
Certain crafted URLs can cause the application to allocate incorrect
amounts of memory and overwrite unrelated memory. This corruption can
then lead to application crashes or even arbitrary code execution.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2012-3561
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2012/05/10
Patch Release: 2012/05/10
Plugin Release: 2012/05/14
Plugin
Version: 1.5
Filename: opera_1164.nasl
Filesize: 3374 bytes
MD5 Hash: 88d12def2092de175998124a17ebab51
Identification: SMB/Opera/Version_UI
Require Keys: SMB/Opera/Version
Dependencies: "opera_installed.nasl"
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack