Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.OPERA_1201.NASL
HistoryAug 03, 2012 - 12:00 a.m.

Opera < 12.01 Multiple Vulnerabilities

2012-08-0300:00:00
This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.1 Low

EPSS

Percentile

95.0%

JSON

The version of Opera installed on the remote host is earlier than 12.01 and is, therefore, reportedly affected by multiple issues :

  • An error exists in the handling of certain URLs that can lead to memory corruption and possible code execution. (1016)

  • Errors exist in the handling of DOM elements and certain HTML characters that can lead to cross-site scripting. (1025, 1026)

  • Download dialog boxes can be made small enough that users may not realize they are accepting a download and further, executing such a download. (1027)

  • An attacker could cause an application crash by tricking a user into connecting to a malicious site, as demonstrated by the Lenovo ‘Shop Now’ page. (CVE-2012-4146)

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(61414);
  script_version("1.9");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id(
    "CVE-2012-3561",
    "CVE-2012-4142",
    "CVE-2012-4143",
    "CVE-2012-4144",
    "CVE-2012-4145",
    "CVE-2012-4146"
  );
  script_bugtraq_id(
    53474,
    54779,
    54780,
    54782,
    54788,
    55703
  );

  script_name(english:"Opera < 12.01 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
issues.");
  script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host is earlier than
12.01 and is, therefore, reportedly affected by multiple issues :

  - An error exists in the handling of certain URLs that
    can lead to memory corruption and possible code
    execution. (1016)

  - Errors exist in the handling of DOM elements and
    certain HTML characters that can lead to cross-site
    scripting. (1025, 1026)

  - Download dialog boxes can be made small enough that
    users may not realize they are accepting a download
    and further, executing such a download. (1027)

  - An attacker could cause an application crash by tricking
    a user into connecting to a malicious site, as 
    demonstrated by the Lenovo 'Shop Now' page. 
    (CVE-2012-4146)");
  script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/kb/view/1016/");
  script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/kb/view/1025/");
  script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/kb/view/1026/");
  script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/kb/view/1027/");
  script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170713150736/http://www.opera.com:80/docs/changelogs/windows/1201/");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Opera 12.01 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-4145");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/06/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/06/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

path = get_kb_item_or_exit("SMB/Opera/Path");
version = get_kb_item_or_exit("SMB/Opera/Version");
version_ui = get_kb_item("SMB/Opera/Version_UI");

if (isnull(version_ui)) version_report = version;
else version_report = version_ui; 

fixed_version = "12.1.1532.0";

# Check if we need to display full version info in case of Alpha/Beta/RC
major_minor = eregmatch(string:version, pattern:"^([0-9]+\.[0-9]+)");
if (major_minor[1] == "12.01")
{
  fixed_version_report = fixed_version;
  version_report = version;
}
else fixed_version_report = "12.01";

if (ver_compare(ver:version, fix:fixed_version) == -1)
{
  port = get_kb_item("SMB/transport");
  set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
  if (report_verbosity > 0)
  {
    report = 
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_report +
      '\n  Fixed version     : ' + fixed_version_report +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
  exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "Opera", version_report, path);
VendorProductVersionCPE
operaopera_browsercpe:/a:opera:opera_browser

Related

openvas 18
nessus 5
gentoo 2
cve 6
prion 6
nvd 6
cvelist 6
openvas
openvas
Opera Multiple Vulnerabilities - August12 (Linux)
2012-08-08 00:00:00
Opera Multiple Vulnerabilities (Aug 2012) - Windows
2012-08-08 00:00:00
Opera Multiple Vulnerabilities (Aug 2012) - Linux
2012-08-08 00:00:00
nessus
nessus
GLSA-201209-11 : Opera: Multiple vulnerabilities
2012-09-26 00:00:00
Opera < 12.01 Multiple Vulnerabilities
2012-08-24 00:00:00
Opera < 12.01 Multiple Vulnerabilities
2012-08-24 00:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2012-09-25 00:00:00
Opera: Multiple vulnerabilities
2012-06-15 00:00:00
cve
cve
CVE-2012-4146
2022-10-03 16:15:32
CVE-2012-3561
2012-06-14 19:55:01
CVE-2012-4145
2022-10-03 16:15:33
prion
prion
Cross site scripting
2012-08-06 16:55:00
Design/Logic Flaw
2012-08-06 16:55:00
Cross site scripting
2012-08-06 16:55:00
nvd
nvd
CVE-2012-4144
2012-08-06 16:55:07
CVE-2012-4146
2012-08-06 16:55:07
CVE-2012-4145
2012-08-06 16:55:07
cvelist
cvelist
CVE-2012-4146
2022-10-03 16:15:32
CVE-2012-4144
2022-10-03 16:15:32
CVE-2012-4145
2022-10-03 16:15:33

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.1 Low

EPSS

Percentile

95.0%

JSON
Related for OPERA_1201.NASL
openvas18nessus5gentoo2cve6prion6nvd6cvelist6