Opera Custom Shortcut or Menu Command Processing Bug Lets Remote Users Execute Arbitrary Code
|
SecurityTracker Alert ID: 1020720 |
SecurityTracker URL: http://securitytracker.com/id/1020720
|
CVE Reference:
CVE-2008-4197
(Links to External Site)
|
Updated: Mar 19 2009
|
Original Entry Date: Aug 20 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 9.52
|
Description:
A vulnerability was reported in Opera. A remote user can cause arbitrary code to be executed on the target user's system.
Custom shortcut and menu commands used to activate external applications may use uninitialized memory, potentially interpreting the data from memory as additional parameters to be passed to the external applications.
A remote user can create a specially crafted shortcut or menu command that, when executed by the target user, may be able to execute arbitrary code on the target user's system.
Michael A. Puls II reported this vulnerability.
|
Impact:
A remote user can create a custom shortcut or menu command that, when executed by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor has issued a fixed version (9.52).
The vendor's advisory is available at:
http://www.opera.com/support/search/view/894/
|
Vendor URL: www.opera.com/support/search/view/894/ (Links to External Site)
|
Cause:
State error
|
Underlying OS: Linux (Any), UNIX (FreeBSD), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
[Original Message Not Available for Viewing]
|
|