CERT-MU Vulnerability Note VN-2009-6

Multiple Vulnerabilities in Opera

Original Issue Date: March 04, 2009

Severity Rating: High

Systems Affected

• Opera versions prior to 9.64

Overview

Multiple vulnerabilities have been reported in Opera, which can be exploited by an attacker to execute arbitrary code or conduct cross-site scripting attacks.

Description

• Malformed JPEG Image Processing Memory Corruption Vulnerability
  
  This vulnerability is due to an unspecified error in the processing of JPEG images which will trigger a memory corruption and crash. An unauthenticated, remote attacker could exploit this vulnerability using a specially crafted JPEG image to execute arbitrary code.
  
  
• Plug-ins related Cross-Site Scripting Vulnerability
  
  This vulnerability is caused by an unspecified error related to plug-ins, which could be exploited to conduct cross-site scripting attacks.

Solution

Upgrade to Opera 9.64 or later

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

Opera
http://www.opera.com/docs/changelogs/windows/964
http://www.opera.com/support/kb/view/926

References

Opera
http://www.opera.com/docs/changelogs/windows/964
http://www.opera.com/support/kb/view/926

SecurityFocus
http://www.securityfocus.com/bid/33961/

Security Tracker
http://www.securitytracker.com/alerts/2009/Mar/1021782.html

VUPEN
http://www.vupen.com/english/advisories/2009/0586