Vulnerabilities > CVE-2010-5227 - Unspecified vulnerability in Opera

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
opera
nessus
exploit available
NVD
Published: 2012-09-07
Updated: 2024-11-21

Summary

Untrusted search path vulnerability in Opera before 10.62 allows local users to gain privileges via a Trojan horse dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .htm, .mht, .mhtml, .xht, .xhtm, or .xhtl file. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Opera
1

Exploit-Db

descriptionOpera v10.61 DLL Hijacking Exploit (dwmapi.dll). CVE-2010-5227. Local exploit for windows platform
fileexploits/windows/local/14732.c
idEDB-ID:14732
last seen2016-02-01
modified2010-08-24
platformwindows
port
published2010-08-24
reporterNicolas Krassas
sourcehttps://www.exploit-db.com/download/14732/
titleOpera 10.61 - DLL Hijacking Exploit dwmapi.dll
typelocal

Nessus

NASL familyWindows
NASL idOPERA_1062.NASL
descriptionThe version of Opera installed on the remote host is earlier than 10.62. Such versions insecurely look in their current working directory when resolving DLL dependencies, such as for
last seen2020-06-01
modified2020-06-02
plugin id49174
published2010-09-10
reporterThis script is Copyright (C) 2010-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/49174
titleOpera < 10.62 Path Subversion Arbitrary DLL Injection Code Execution
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(49174);
  script_version("1.9");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id("CVE-2010-5227");
  script_bugtraq_id(42663);
  script_xref(name:"EDB-ID", value:"14732");
  script_xref(name:"Secunia", value:"41083");

  script_name(english:"Opera < 10.62 Path Subversion Arbitrary DLL Injection Code Execution");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that allows arbitrary code
execution.");
  script_set_attribute(attribute:"description", value:

"The version of Opera installed on the remote host is earlier than
10.62.  Such versions insecurely look in their current
working directory when resolving DLL dependencies, such as for
'dwmapi.dll'

If another application can be made to launch Opera in such a way that
it searches for DLLs in the same location as a resource that is being
loaded, it will allow remote code execution."
  );
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170713150711/http://www.opera.com:80/docs/changelogs/windows/1062/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20130225215231/http://www.opera.com/support/kb/view/970/");
  script_set_attribute(attribute:"solution", value:"Upgrade to Opera 10.62 or later.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vuln_publication_date", value:"2010/08/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/10");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2010-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("global_settings.inc");
include("misc_func.inc");

version = get_kb_item_or_exit("SMB/Opera/Version");

version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) version_report = version;
else version_report = version_ui;

install_path = get_kb_item('SMB/Opera/Path');

if (ver_compare(ver:version, fix:'10.62.3500.0') == -1)
{
  if (report_verbosity > 0)
  {
    report = 
      '\n  Path              : ' + install_path +
      '\n  Installed version : ' + version_report +
      '\n  Fixed version     : 10.62\n';
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(port:get_kb_item("SMB/transport"));
  exit(0);
}
else exit(0, "The host is not affected since Opera "+version_report+" is installed.");

References