Vulnerabilities > CVE-2008-1761 - Resource Management Errors vulnerability in Opera
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id OPERA_927.NASL description The version of Opera installed on the remote host reportedly is affected by several issues : - Resized canvas patterns can lead to a program crash with possible memory corruption. - A newsfeed prompt can cause Opera to execute arbitrary code. - Improved keyboard handling of password inputs. last seen 2020-06-01 modified 2020-06-02 plugin id 31734 published 2008-04-03 reporter This script is Copyright (C) 2008-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31734 title Opera < 9.27 Multiple Vulnerabilities NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200804-14.NASL description The remote host is affected by the vulnerability described in GLSA-200804-14 (Opera: Multiple vulnerabilities) Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website (CVE-2008-1761) as well as when processing HTML CANVAS elements to use scaled images (CVE-2008-1762). Additionally, an unspecified weakness related to keyboard handling of password inputs has been reported (CVE-2008-1764). Impact : A remote attacker could entice a user to visit a specially crafted web site or news feed and possibly execute arbitrary code with the privileges of the user running Opera. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 31961 published 2008-04-17 reporter This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/31961 title GLSA-200804-14 : Opera: Multiple vulnerabilities NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_AD4A00FA015711DD8BD3001372AE3AB9.NASL description Opera Software reports of multiple security issues in Opera. All of them can lead to arbitrary code execution. Details are as the following : - Newsfeed prompt can cause Opera to execute arbitrary code - Resized canvas patterns can cause Opera to execute arbitrary code last seen 2020-06-01 modified 2020-06-02 plugin id 31831 published 2008-04-11 reporter This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/31831 title FreeBSD : opera -- multiple vulnerabilities (ad4a00fa-0157-11dd-8bd3-001372ae3ab9)
References
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00007.html
- http://secunia.com/advisories/29662
- http://secunia.com/advisories/29679
- http://secunia.com/advisories/29735
- http://security.gentoo.org/glsa/glsa-200804-14.xml
- http://www.opera.com/docs/changelogs/linux/927/
- http://www.opera.com/support/search/view/881/
- http://www.securityfocus.com/bid/28585
- http://www.vupen.com/english/advisories/2008/1084/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41625