Vulnerabilities > CVE-2008-1762 - Resource Management Errors vulnerability in Opera Browser

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
opera
CWE-399
critical
nessus
exploit available

Summary

Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.

Vulnerable Configurations

Part Description Count
Application
Opera
107

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionOpera Web Browser 9.26 Multiple Security Vulnerabilities. CVE-2008-1762. Dos exploit for linux platform
idEDB-ID:31594
last seen2016-02-03
modified2008-04-03
published2008-04-03
reporterMichal Zalewski
sourcehttps://www.exploit-db.com/download/31594/
titleOpera Web Browser 9.26 - Multiple Security Vulnerabilities

Nessus

  • NASL familyWindows
    NASL idOPERA_927.NASL
    descriptionThe version of Opera installed on the remote host reportedly is affected by several issues : - Resized canvas patterns can lead to a program crash with possible memory corruption. - A newsfeed prompt can cause Opera to execute arbitrary code. - Improved keyboard handling of password inputs.
    last seen2020-06-01
    modified2020-06-02
    plugin id31734
    published2008-04-03
    reporterThis script is Copyright (C) 2008-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31734
    titleOpera < 9.27 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200804-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200804-14 (Opera: Multiple vulnerabilities) Michal Zalewski reported two vulnerabilities, memory corruption when adding news feed sources from a website (CVE-2008-1761) as well as when processing HTML CANVAS elements to use scaled images (CVE-2008-1762). Additionally, an unspecified weakness related to keyboard handling of password inputs has been reported (CVE-2008-1764). Impact : A remote attacker could entice a user to visit a specially crafted web site or news feed and possibly execute arbitrary code with the privileges of the user running Opera. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id31961
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31961
    titleGLSA-200804-14 : Opera: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_AD4A00FA015711DD8BD3001372AE3AB9.NASL
    descriptionOpera Software reports of multiple security issues in Opera. All of them can lead to arbitrary code execution. Details are as the following : - Newsfeed prompt can cause Opera to execute arbitrary code - Resized canvas patterns can cause Opera to execute arbitrary code
    last seen2020-06-01
    modified2020-06-02
    plugin id31831
    published2008-04-11
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31831
    titleFreeBSD : opera -- multiple vulnerabilities (ad4a00fa-0157-11dd-8bd3-001372ae3ab9)