SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera Custom Shortcut or Menu Command Processing Bug Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1020720
SecurityTracker URL:  http://securitytracker.com/id/1020720
CVE Reference:   CVE-2008-4197   (Links to External Site)
Updated:  Mar 19 2009
Original Entry Date:  Aug 20 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 9.52
Description:   A vulnerability was reported in Opera. A remote user can cause arbitrary code to be executed on the target user's system.

Custom shortcut and menu commands used to activate external applications may use uninitialized memory, potentially interpreting the data from memory as additional parameters to be passed to the external applications.

A remote user can create a specially crafted shortcut or menu command that, when executed by the target user, may be able to execute arbitrary code on the target user's system.

Michael A. Puls II reported this vulnerability.
Impact:   A remote user can create a custom shortcut or menu command that, when executed by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued a fixed version (9.52).

The vendor's advisory is available at:

http://www.opera.com/support/search/view/894/
Vendor URL:  www.opera.com/support/search/view/894/ (Links to External Site)
Cause:   State error
Underlying OS:  Linux (Any), UNIX (FreeBSD), UNIX (Solaris - SunOS), Windows (Any)

Message History:   None.

 Source Message Contents


[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC