Vulnerabilities > CVE-2007-6523 - Resource Management Errors vulnerability in Opera Browser
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
COMPLETE Summary
Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 14 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id OPERA_925.NASL description The version of Opera installed on the remote host reportedly is affected by several issues, including one in which TLS certificates could be used to execute arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 29742 published 2007-12-19 reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29742 title Opera < 9.25 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(29742); script_version("1.17"); script_cve_id( "CVE-2007-6520", "CVE-2007-6521", "CVE-2007-6522", "CVE-2007-6523", "CVE-2007-6524", "CVE-2009-2059", "CVE-2009-2063" ); script_bugtraq_id(26721, 26937, 35380, 35412); script_name(english:"Opera < 9.25 Multiple Vulnerabilities"); script_summary(english:"Checks version number of Opera"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by several issues." ); script_set_attribute(attribute:"description", value: "The version of Opera installed on the remote host reportedly is affected by several issues, including one in which TLS certificates could be used to execute arbitrary code." ); script_set_attribute(attribute:"see_also", value:"https://www.microsoft.com/en-us/research/publication/pretty-bad-proxy-an-overlooked-adversary-in-browsers-https-deployments/?from=http%3A%2F%2Fresearch.microsoft.com%2Fapps%2Fpubs%2Fdefault.aspx%3Fid%3D79323" ); script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/search/view/875/" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20080516195213/http://www.opera.com/support/search/view/876/" ); script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170714204727/http://www.opera.com:80/docs/changelogs/windows/925/" ); script_set_attribute(attribute:"solution", value: "Upgrade to Opera version 9.25 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(79, 189, 200, 287, 310, 399); script_set_attribute(attribute:"plugin_publication_date", value: "2007/12/19"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version_UI"); exit(0); } include("global_settings.inc"); version_ui = get_kb_item("SMB/Opera/Version_UI"); if (isnull(version_ui)) exit(0); if (version_ui =~ "^([0-8]\.|9\.([01][0-9]|2[0-4])($|[^0-9]))") { if (report_verbosity) { report = string( "\n", "Opera version ", version_ui, " is currently installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }NASL family SuSE Local Security Checks NASL id SUSE_OPERA-4858.NASL description Opera released version 9.25 of their browser to fix various security problems. CVE-2007-6520: Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by David Bloom. Details will be disclosed at a later date. CVE-2007-6521: Fixed an issue with TLS certificates that could be used to execute arbitrary code, as reported by Alexander Klink (Cynops GmbH). Details will be disclosed at a later date. CVE-2007-6522: Rich text editing can no longer be used to allow cross domain scripting, as reported by David Bloom. See our advisory. CVE-2007-6523: Fixed a problem where malformed BMP files could cause Opera to temporarily freeze. CVE-2007-6524: Prevented bitmaps from revealing random data from memory, as reported by Gynvael Coldwind. Details will be disclosed at a later date. last seen 2020-06-01 modified 2020-06-02 plugin id 29884 published 2008-01-08 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29884 title openSUSE 10 Security Update : opera (opera-4858)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
- http://secunia.com/advisories/28314
- http://securityreason.com/securityalert/3482
- http://www.securityfocus.com/archive/1/484605/100/200/threaded
- http://www.securityfocus.com/bid/26721
- http://www.vupen.com/english/advisories/2007/4261