NASLDB: Opera < 9.00 Multiple Vulnerabilities
General
ID: 21786
Name: Opera < 9.00 Multiple Vulnerabilities
Summary: Checks version number of Opera
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:U/RL:U/RC:ND
Port: –
Family: Windows
Type: Local
Description
The version of Opera installed on the remote host reportedly contains
an issue that presents itself when the height and width parameters of
a JPEG image are set excessively high, causing Opera to allocate
insufficient memory for the image and crash as it tries to write to
memory at the wrong location.
In addition, it is reportedly affected by a flaw that may allow an
attacker to display an SSL certificate from a trusted site on an
untrusted one.
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2006-3198
OSVDB: –
Bugtraq: 18594
scipID: –
Timeline
Vulnerability Disclosure: 2006/06/22
Patch Release: –
Plugin Release: 2006/06/30
Plugin
Version: 1.15
Filename: opera_900.nasl
Filesize: 2863 bytes
MD5 Hash: cce7b6b233d92571e67c613cf26084d6
Identification: SMB/Opera/Version_UI
Require Keys: SMB/Opera/Version_UI
Dependencies: "opera_installed.nasl"
Copyright: This script is Copyright© 2006-2011 Tenable Network Security, Inc.
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack