CERT-MU AD-2008-15

Multiple vulnerabilities in Opera

Original issue date: August 25, 2008

Overview

Multiple vulnerabilities have been reported in Opera. Exploitation could allow a remote attacker to execute arbitrary code, access sensitive data, display a non-secure page as a secure page, or change the feed subscription address.

Description

1. Startup crash can allow execution of arbitrary code

When Opera is registered as a handler for a given protocol, it can be started by external applications. An unspecified error causes Opera to crash when it is started in this way. The issue can also help attackers inject malicious code using other techniques.

NOTE: Reportedly, the vulnerability only affects Opera for Windows.

2. Sites can change framed content on other sites

Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This can be exploited by an attacker to trick users by misrepresenting information or loading malicious content in frames from trusted websites.

3. Custom shortcuts can pass the wrong parameters to applications

Opera can be customized to run external applications (for viewing graphics or playing video and audio files) through custom shortcut and menu commands. An error in the handling of these commands could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to modify shortcuts or menu files, a remote attacker could exploit this vulnerability to launch applications with malicious parameters and execute arbitrary code on the vulnerable system.

4. Insecure pages can display incorrect security information

The vulnerability exists because of an error in the processing of custom shortcut and menu commands. A remote user can exploit this vulnerability by creating a non-secure web page that loads content from a secure site into a frame. Opera will incorrectly indicate that the non-secure web page is a secure web page. Successful exploitation may allow execution of arbitrary code, but requires that a user is tricked into modifying shortcuts or menu files.

5. Feed links can link to local files

Opera does not allow web pages to link to files on the user's local disk. A vulnerability exists in Opera that allows web pages to link to feed source files on the user's computer. By detecting JavaScript events and manipulating them appropriately, a script can unreliably distinguish successful from unsuccessful subscriptions to these files and so find out whether a file exists. In most cases the attempt will fail.

6. Feed subscription can cause the wrong page address to be displayed

An error exists in Opera when processing news feed subscription requests. A remote attacker can cause the page address to be changed, leaving the attacking page's address in the address bar.

Affected systems
 

Opera versions prior to 9.52

Impact

Severity Rating: High

Solution

Upgrade to version 9.52
http://www.opera.com/download/
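
To find clients still running a release prior to 9.52, the version threshold can be applied to User-Agent strings in proxy or web server logs. This is an added example, not part of the CERT-MU advisory; the tab-separated log format, the function names and the sample lines are constructed for illustration.

```python
import re
from decimal import Decimal

FIXED = Decimal("9.52")  # first fixed release named in the advisory

# Older builds report "Opera/x.y", or "Opera x.y" when identifying as another
# browser; Opera 10 and later freeze "Opera/9.80" and add "Version/x.y".
# Assumption: Opera's two-digit minor numbering (9.5 is reported as 9.50),
# so a decimal comparison orders releases correctly.
_OPERA = re.compile(r"\bOpera[/ ](\d+\.\d+)")
_REAL = re.compile(r"\bVersion/(\d+\.\d+)")


def opera_version(user_agent):
    """Return the Opera version in a User-Agent as Decimal, or None if not Opera."""
    opera = _OPERA.search(user_agent)
    if opera is None:
        return None
    real = _REAL.search(user_agent)
    return Decimal((real or opera).group(1))


def audit(log_lines):
    """Yield (client, version, on_windows) once per client on Opera < 9.52."""
    seen = set()
    for line in log_lines:
        client, _, ua = line.partition("\t")
        version = opera_version(ua)
        if version is None or version >= FIXED or (client, version) in seen:
            continue
        seen.add((client, version))
        # Item 1 (startup crash) is reported for Opera on Windows only.
        yield client, version, "Windows" in ua


# Constructed sample input: "<client>\t<User-Agent>" per line.
SAMPLE = [
    "10.0.0.11\tOpera/9.51 (Windows NT 5.1; U; en)",
    "10.0.0.12\tMozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.27",
    "10.0.0.13\tOpera/9.52 (X11; Linux i686; U; en)",
    "10.0.0.14\tOpera/9.50 (X11; Linux i686; U; en)",
    "10.0.0.15\tOpera/9.80 (Windows NT 6.1; U; en) Presto/2.9.168 Version/11.50",
    "10.0.0.16\tMozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Gecko/2008070208 Firefox/3.0.1",
    "10.0.0.11\tOpera/9.51 (Windows NT 5.1; U; en)",
]

if __name__ == "__main__":
    for client, version, on_windows in audit(SAMPLE):
        print(client, version, "windows" if on_windows else "other")
```

The User-Agent header is supplied by the client, so treat the result as an inventory hint and confirm the installed version on the host.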

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

Opera
http://www.opera.com/docs/changelogs/windows/952/
http://www.opera.com/docs/changelogs/linux/952/
http://www.opera.com/support/search/view/892/
http://www.opera.com/support/search/view/893/
http://www.opera.com/support/search/view/894/
http://www.opera.com/support/search/view/895/
http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/

CVE-Name

References

FrSIRT
http://www.frsirt.com/english/advisories/2008/2416

Juniper Networks
http://www.juniper.net/security/auto/vulnerabilities/vuln30768.html

Secunia
http://secunia.com/advisories/31549/

SecurityTracker
http://securitytracker.com/alerts/2008/Aug/1020718.html
http://securitytracker.com/alerts/2008/Aug/1020719.html
http://securitytracker.com/alerts/2008/Aug/1020720.html
http://securitytracker.com/alerts/2008/Aug/1020721.html
http://securitytracker.com/alerts/2008/Aug/1020722.html
http://securitytracker.com/alerts/2008/Aug/1020723.html

IBM ISS
http://xforce.iss.net/xforce/xfdb/44547
http://xforce.iss.net/xforce/xfdb/44552

 
 