VulDB: Opera Browser up to 11.62 User Input Sanitizer buffer overflow
General
scipID: 5387
Affected: Opera Browser up to 11.62
Published: 05/10/2012 (Andrey Stroganov)
Risk: 
problematic
Entry: 87% complete
Created: 05/15/2012
Updated: 06/06/2012
Summary
A vulnerability was found in Opera Browser up to 11.62 and classified as problematic. This issue affects an unknown function of the component User Input Sanitizer. The manipulation with an unknown input leads to a buffer overflow vulnerability. Impacted is confidentiality, integrity, and availability.
The weakness was disclosed 05/10/2012 by Andrey Stroganov as knowledge base article (Website). The advisory is shared for download at opera.com. The vendor was not invovled in the public release. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are unknown but a private exploit is available.
Upgrading to version 11.64 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (81809) and Secunia (SA49081).CVSS
Base Score: 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P) [?]
| Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Local | High | Multiple | None | None | None |
| Adjacent | Medium | Single | Partial | Partial | Partial |
| Network | Low | None | Complete | Complete | Complete |
Exploiting
Class: Buffer overflow
Local: No
Remote: Yes
Availability: Yes
Access: Private
Countermeasures
Recommended: Upgrade
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known
Upgrade: Browser 11.64
Timeline
05/10/2012 | Advisory disclosed
05/10/2012 | Countermeasure disclosed
05/11/2012 | OSVDB entry created
05/15/2012 | VulDB entry created
06/06/2012 | VulDB entry updated
Sources
Advisory: opera.com
Researcher: Andrey Stroganov
