Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.OPERA_923.NASL
HistoryAug 16, 2007 - 12:00 a.m.

Opera < 9.23 Crafted Javascript Arbitrary Code Execution

2007-08-1600:00:00
This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
www.tenable.com
13
JSON

The version of Opera installed on the remote host reportedly allows for execution of arbitrary code via specially crafted JavaScript if a user can be tricked into visiting a malicious site.

#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
  script_id(25900);
  script_version("1.16");

  script_cve_id("CVE-2007-4367");
  script_bugtraq_id(25331);

  script_name(english:"Opera < 9.23 Crafted Javascript Arbitrary Code Execution");
  script_summary(english:"Checks version number of Opera");

 script_set_attribute(attribute:"synopsis", value:
"The remote host contains a web browser that is affected by an
arbitrary code execution vulnerability." );
 script_set_attribute(attribute:"description", value:
"The version of Opera installed on the remote host reportedly allows
for execution of arbitrary code via specially crafted JavaScript if a
user can be tricked into visiting a malicious site." );
 script_set_attribute(attribute:"see_also", value:"http://www.opera.com/support/search/view/865/" );
 script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20170713152242/http://www.opera.com:80/docs/changelogs/windows/923/" );
 script_set_attribute(attribute:"solution", value:
"Upgrade to Opera version 9.23 or later." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/08/16");
 script_set_attribute(attribute:"vuln_publication_date", value: "2007/08/15");
 script_cvs_date("Date: 2018/11/15 20:50:28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser");
script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");

  script_dependencies("opera_installed.nasl");
  script_require_keys("SMB/Opera/Version_UI");

  exit(0);
}


include("global_settings.inc");


version_ui = get_kb_item("SMB/Opera/Version_UI");
if (isnull(version_ui)) exit(0);

if (version_ui =~ "^([0-8]\.|9\.([01][0-9]|2[0-2])($|[^0-9]))")
{
  if (report_verbosity)
  {
    report = string(
      "\n",
      "Opera version ", version_ui, " is currently installed on the remote host.\n"
    );
    security_hole(port:get_kb_item("SMB/transport"), extra:report);
  }
  else security_hole(get_kb_item("SMB/transport"));
}
VendorProductVersionCPE
operaopera_browsercpe:/a:opera:opera_browser

Related

ubuntucve 1
openvas 3
suse 1
nessus 2
prion 1
cve 1
gentoo 1
ubuntucve
ubuntucve
CVE-2007-4367
2007-08-15 00:00:00
openvas
openvas
SuSE Update for opera SUSE-SA:2007:050
2009-01-28 00:00:00
Gentoo Security Advisory GLSA 200708-17 (opera)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200708-17 (opera)
2008-09-24 00:00:00
suse
suse
remote code execution in opera
2007-08-30 13:53:19
nessus
nessus
openSUSE 10 Security Update : opera (opera-4172)
2007-10-17 00:00:00
GLSA-200708-17 : Opera: Multiple vulnerabilities
2007-09-14 00:00:00
prion
prion
Design/Logic Flaw
2007-08-15 23:17:00
cve
cve
CVE-2007-4367
2007-08-15 23:17:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2007-08-22 00:00:00
JSON
Related for OPERA_923.NASL
ubuntucve1openvas3suse1nessus2prion1cve1gentoo1