Vulnerabilities > CVE-2004-1810 - Unspecified vulnerability in Opera Browser

047910
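CVSS 0.0 - NONE (unscored on this page: every metric below is UNKNOWN; the Nessus plugin further down carries its own CVSS2 vector)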
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
opera
nessus

Summary

The JavaScript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array.

Nessus

NASL family: Windows
NASL id: OPERA_LARGE_JAVASCRIPT_ARRAY_VULN.NASL
description: The version of Opera on the remote host is vulnerable to an issue when handling large JavaScript arrays. In particular, it is possible to crash the browser when performing various operations on Array objects with 99999999999999999999999 or 0x23000000 elements. The crash is due to a segmentation fault and may be indicative of an exploitable memory corruption vulnerability, possibly resulting in arbitrary code execution.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14248
published: 2004-08-10
reporter: This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14248
title: Opera < 7.50 JavaScript Engine Array Handling DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Metadata branch: declares the plugin's identifiers, text and scoring, then
# exits (see exit(0) at the end), so the version check further down does not
# run when this branch is taken.
if (description)
{
 # Plugin identity and revision bookkeeping.
 script_id(14248);
 script_version("1.17");
 script_cvs_date("Date: 2018/07/16 14:09:15");

 # Cross-references to the advisory identifiers this check covers.
 script_cve_id("CVE-2004-1810");
 script_bugtraq_id(9869);

 script_name(english:"Opera < 7.50 JavaScript Engine Array Handling DoS");
 script_summary(english:"Determines the version of Opera.exe");

 # Report text shown to the operator: synopsis, description and remediation.
 script_set_attribute(attribute:"synopsis", value:
"An installed browser is vulnerable to a denial of service attack." );
 script_set_attribute(attribute:"description", value:
"The version of Opera on the remote host is vulnerable to an issue when
handling large JavaScript arrays. 

In particular, it is possible to crash the browser when performing
various operations on Array objects with 99999999999999999999999 or
0x23000000 elements. 

The crash is due to a segmentation fault and may be indicative of an
exploitable memory corruption vulnerability, possibly resulting in
arbitrary code execution." );
 script_set_attribute(attribute:"solution", value:"Install Opera 7.50 or later.");
 # Base vector: network-reachable, low complexity, no authentication, and
 # partial availability impact only (C:N/I:N/A:P).
 # NOTE(review): the description above mentions possible arbitrary code
 # execution, which this availability-only score does not reflect; treat the
 # score as a lower bound when prioritising.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 # Temporal vector: exploitability unproven (E:U), official fix available
 # (RL:OF), report confirmed (RC:C).
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/10");
 # "local": the result comes from data about the installed software rather
 # than from probing a network service.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
 script_end_attributes();

 # Information-gathering category; the check in this file only compares a
 # stored version string and does not attempt to trigger the crash.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows");

 # Requires the SMB/Opera/Version KB key, presumably populated by the
 # opera_installed.nasl dependency (not shown here).
 script_dependencies("opera_installed.nasl");
 script_require_keys("SMB/Opera/Version");
 exit(0);
}

#

include("global_settings.inc");

# Version-only detection: compare the Opera version recorded in the KB against
# 7.50 and raise a warning for anything older. The KB values are presumably
# written by the opera_installed.nasl dependency; confirm there.
version_ui = get_kb_item("SMB/Opera/Version_UI");
version = get_kb_item("SMB/Opera/Version");
if (isnull(version)) exit(0);

# Break the dotted version into integer components.
ver = split(version, sep:'.', keep:FALSE);
num_parts = max_index(ver);
for (i = 0; i < num_parts; i++)
{
  ver[i] = int(ver[i]);
}

# Affected: any major version below 7, or 7.x with a second component below 50.
# NOTE(review): a version string with fewer than two components leaves ver[1]
# unset before the comparison; confirm the KB value is always dotted.
is_outdated = FALSE;
if (ver[0] < 7) is_outdated = TRUE;
else if (ver[0] == 7 && ver[1] < 50) is_outdated = TRUE;

if (!is_outdated) exit(0);

# Report on the SMB transport port stored in the KB.
transport = get_kb_item("SMB/transport");

if (report_verbosity && version_ui)
{
  # Verbose reports name the user-facing version string of the install.
  report = string(
    "\n",
    "Opera ", version_ui, " is currently installed on the remote host.\n"
  );
  security_warning(port:transport, extra:report);
}
else
{
  security_warning(transport);
}