Opera < 9.10 Multiple Vulnerabilities

2007-01-06T00:00:00
ID OPERA_910.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
Modified 2020-01-02T00:00:00

Description

The version of Opera installed on the remote host reportedly contains a heap overflow vulnerability that can be triggered when processing the DHT marker in a specially crafted JPEG image to crash the browser or possibly allow execution of arbitrary code on the affected host.

In addition, another flaw in Opera

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(23977);
  script_version("1.20");

  script_cve_id("CVE-2007-0126", "CVE-2007-0127");
  script_bugtraq_id(21882);

  script_name(english:"Opera < 9.10 Multiple Vulnerabilities");
  script_summary(english:"Checks version number of Opera");

 script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is susceptible to
multiple issues." );
 script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host reportedly contains
a heap overflow vulnerability that can be triggered when processing
the DHT marker in a specially crafted JPEG image to crash the browser
or possibly allow execution of arbitrary code on the affected host. 

In addition, another flaw in Opera's createSVGTransformFromMatrix
object typecasting may lead to a browser crash or arbitrary code
execution if support for JavaScript is enabled." );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1e804d36" );
 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1770d0e0" );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/456053" );
 script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/456066" );
 script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/search/supsearch.dml?index=851" );
 script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/search/supsearch.dml?index=852" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Opera version 9.10 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(94, 119);
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/01/06");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/01/05");
 script_cvs_date("Date: 2018/11/15 20:50:28");
 script_set_attribute(attribute:"patch_publication_date", value: "2007/01/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version_UI");

  exit(0);
}


include("global_settings.inc");


version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) exit(0);

if (version_ui =~ "^9\.0[0-9]($|[^0-9])")
{
  if (report_verbosity)
  {
    report = string(
      "\n",
      "Opera version ", version_ui, " is currently installed on the remote host.\n"
    );
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}