Vulnerabilities > CVE-2010-1728 - Resource Management Errors vulnerability in Opera Browser
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Opera before 10.53 on Windows and Mac OS X does not properly handle a series of document modifications that occur asynchronously, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Windows |
| NASL id | OPERA_1053.NASL |
| description | The version of Opera installed on the remote host is earlier than 10.53. Such versions are potentially affected by the following issue : - Multiple asynchronous calls to a script that modifies document contents can be abused to reference an uninitialized value, leading to an application crash or possibly allowing execution of arbitrary code. (953) |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 46204 |
| published | 2010-04-30 |
| reporter | This script is Copyright (C) 2010-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/46204 |
| title | Opera < 10.53 Asynchronous Content Modification Uninitialized Memory Access |
Oval
| accepted | 2013-12-23T04:00:06.168-05:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | sequences in an infinite loop, leading to attempted use of uninitialized memory. NOTE: this might overlap CVE-2006-6955. | ||||||||||||
| family | windows | ||||||||||||
| id | oval:org.mitre.oval:def:11927 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-08-03T10:31:45.529 | ||||||||||||
| title | Denial of service in Opera before 10.53 due to failure to handle a series of document modifications that occur asynchronously. | ||||||||||||
| version | 12 |
References
- http://h.ackack.net/?p=258
- http://my.opera.com/desktopteam/blog/2010/04/28/opera-10-53-rc1-for-windows-and-mac
- http://secunia.com/advisories/39590
- http://www.opera.com/docs/changelogs/mac/1053/
- http://www.opera.com/docs/changelogs/windows/1053/
- http://www.opera.com/support/kb/view/953/
- http://www.vupen.com/english/advisories/2010/0999
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58231
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11927