Opera 6.0/7.0 Username URI Warning Dialog Buffer Overflow Vulnerability
2003-02-10T00:00:00
ID EDB-ID:22239 Type exploitdb Reporter nesumin Modified 2003-02-10T00:00:00
Description
Opera 6.0/7.0 Username URI Warning Dialog Buffer Overflow Vulnerability. CVE-2003-1387. Dos exploit for windows platform
source: http://www.securityfocus.com/bid/6811/info
The Opera browser for Win32 (and possibly other) systems is prone to a remotely exploitable buffer overflow condition. For security purposes, Opera will display a warning any time a user of the client visits a link containing a username as part of the URI. An excessively long username will trigger a buffer overflow condition related to this security feature that may overwrite the stack frame of the affected function. Attackers may exploit this vulnerability to execute instructions on client systems.
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/22239.tgz
{"id": "EDB-ID:22239", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Opera 6.0/7.0 Username URI Warning Dialog Buffer Overflow Vulnerability", "description": "Opera 6.0/7.0 Username URI Warning Dialog Buffer Overflow Vulnerability. CVE-2003-1387. Dos exploit for windows platform", "published": "2003-02-10T00:00:00", "modified": "2003-02-10T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/22239/", "reporter": "nesumin", "references": [], "cvelist": ["CVE-2003-1387"], "lastseen": "2016-02-02T18:17:30", "viewCount": 3, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2016-02-02T18:17:30", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-1387"]}, {"type": "nessus", "idList": ["OPERA_MULTIPLE_FLAWS.NASL"]}], "modified": "2016-02-02T18:17:30", "rev": 2}, "vulnersScore": 6.6}, "sourceHref": "https://www.exploit-db.com/download/22239/", "sourceData": "source: http://www.securityfocus.com/bid/6811/info\r\n\r\nThe Opera browser for Win32 (and possibly other) systems is prone to a remotely exploitable buffer overflow condition. For security purposes, Opera will display a warning any time a user of the client visits a link containing a username as part of the URI. An excessively long username will trigger a buffer overflow condition related to this security feature that may overwrite the stack frame of the affected function. Attackers may exploit this vulnerability to execute instructions on client systems. \r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/22239.tgz", "osvdbidlist": ["60372"]}
{"cve": [{"lastseen": "2020-10-03T11:33:03", "description": "Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.", "edition": 3, "cvss3": {}, "published": "2003-12-31T05:00:00", "title": "CVE-2003-1387", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2003-1387"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/a:opera_software:opera_web_browser:7.0_beta2", "cpe:/a:opera_software:opera_web_browser:6.0.5", "cpe:/a:opera_software:opera_web_browser:7.0_beta1", "cpe:/a:opera_software:opera_web_browser:6.0.6"], "id": "CVE-2003-1387", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1387", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*", "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*", "cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*", "cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-01-01T04:33:28", "description": "The version of Opera installed on the remote host is vulnerable to\nvarious security flaws, ranging from cross-site scripting to buffer\noverflows. \n\nTo exploit them, an attacker would need to set up a rogue website,\nthen lure a user of this host visit it using Opera. He would then be\nable to execute arbitrary code on this host.", "edition": 25, "published": "2003-03-16T00:00:00", "title": "Opera < 7.03 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-1397", "CVE-2003-1420", "CVE-2002-2414", "CVE-2003-1387"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:opera:opera_browser"], "id": "OPERA_MULTIPLE_FLAWS.NASL", "href": "https://www.tenable.com/plugins/nessus/11404", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(11404);\n script_version(\"1.25\");\n script_cve_id(\"CVE-2002-2414\", \"CVE-2003-1387\", \"CVE-2003-1397\", \"CVE-2003-1420\");\n script_bugtraq_id(6218, 6754, 6755, 6756, 6757, 6759, 6811, 6814, 6962, 7056);\n\n script_name(english:\"Opera < 7.03 Multiple Vulnerabilities\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host has an application that is affected by \nmultiple flaws.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The version of Opera installed on the remote host is vulnerable to\nvarious security flaws, ranging from cross-site scripting to buffer\noverflows. \n\nTo exploit them, an attacker would need to set up a rogue website,\nthen lure a user of this host visit it using Opera. He would then be\nable to execute arbitrary code on this host.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://web.archive.org/web/20170714204641/http://www.opera.com:80/docs/changelogs/windows/703/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Install Opera 7.03 or newer.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 119);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2003/03/16\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2003/02/26\");\n script_cvs_date(\"Date: 2018/11/15 20:50:28\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_set_attribute(attribute:\"cpe\", value:\"cpe:/a:opera:opera_browser\");\nscript_end_attributes();\n\n script_summary(english:\"Determines the version of Opera.exe\");\n \n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows\");\n script_dependencies(\"opera_installed.nasl\");\n script_require_keys(\"SMB/Opera/Version\");\n exit(0);\n}\n\n#\n\ninclude(\"global_settings.inc\");\n\nversion_ui = get_kb_item(\"SMB/Opera/Version_UI\");\nversion = get_kb_item(\"SMB/Opera/Version\");\nif (isnull(version)) exit(0);\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n ver[0] < 7 ||\n (ver[0] == 7 && ver[1] < 3)\n)\n{\n if (report_verbosity && version_ui)\n {\n report = string(\n \"\\n\",\n \"Opera \", version_ui, \" is currently installed on the remote host.\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
