Design/Logic Flaw

2007-01-0902:28:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.163 Low

EPSS

Percentile

95.8%

JSON

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

CPENameOperatorVersion
opera_browsereq4.01
opera_browsereq7.01
opera_browsereq7.23
opera_browsereq2.10
opera_browsereq2.10 beta2
opera_browsereq7.03
opera_browsereq7.53
opera_browsereq4.0 beta6
opera_browsereq8.50
opera_browsereq4.0 beta3

Name	Operator	Version
opera_browser	eq	4.01
opera_browser	eq	7.01
opera_browser	eq	7.23
opera_browser	eq	2.10
opera_browser	eq	2.10 beta2
opera_browser	eq	7.03
opera_browser	eq	7.53
opera_browser	eq	4.0 beta6
opera_browser	eq	8.50
opera_browser	eq	4.0 beta3