7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.086 Low
EPSS
Percentile
94.5%
The version of Opera installed on the remote host reportedly contains an issue that presents itself when the height and width parameters of a JPEG image are set excessively high, causing Opera to allocate insufficient memory for the image and crash as it tries to write to memory at the wrong location.
In addition, it is reportedly affected by a flaw that may allow an attacker to display an SSL certificate from a trusted site on an untrusted one.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(21786);
script_version("1.18");
script_cve_id("CVE-2006-3198", "CVE-2006-3331");
script_bugtraq_id(18594, 18692);
script_name(english:"Opera < 9.00 Multiple Vulnerabilities");
script_summary(english:"Checks version number of Opera");
script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by multiple
issues." );
script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host reportedly contains
an issue that presents itself when the height and width parameters of
a JPEG image are set excessively high, causing Opera to allocate
insufficient memory for the image and crash as it tries to write to
memory at the wrong location.
In addition, it is reportedly affected by a flaw that may allow an
attacker to display an SSL certificate from a trusted site on an
untrusted one." );
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/438074/30/0/threaded" );
script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20061016111151/http://www.opera.com/support/search/supsearch.dml?index=834" );
script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2006-49/advisory/" );
script_set_attribute(attribute:"solution", value:
"Upgrade to Opera version 9.00 or later." );
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_publication_date", value: "2006/06/30");
script_set_attribute(attribute:"vuln_publication_date", value: "2006/06/22");
script_cvs_date("Date: 2018/11/15 20:50:28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
script_dependencies("opera_installed.nasl");
script_require_keys("SMB/Opera/Version_UI");
exit(0);
}
include("global_settings.inc");
version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) exit(0);
if (version_ui =~ "^([0-8]\.|9\.00 [Bb]eta)")
{
if (report_verbosity)
{
report = string(
"\n",
"Opera version ", version_ui, " is currently installed on the remote host.\n"
);
security_hole(port:get_kb_item("SMB/transport"), extra:report);
}
else security_hole(get_kb_item("SMB/transport"));
}
Vendor | Product | Version | CPE |
---|---|---|---|
opera | opera_browser | cpe:/a:opera:opera_browser |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3331
web.archive.org/web/20061016111151/http://www.opera.com/support/search/supsearch.dml?index=834
secuniaresearch.flexerasoftware.com/secunia_research/2006-49/advisory/
www.securityfocus.com/archive/1/438074/30/0/threaded