Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200701-08] Opera: Two remote code execution vulnerabilities

Vulnerability Assessment Details

[GLSA-200701-08] Opera: Two remote code execution vulnerabilities
Vulnerability Assessment Summary
Opera: Two remote code execution vulnerabilities

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200701-08
(Opera: Two remote code execution vulnerabilities)


Christoph Deal discovered that JPEG files with a specially crafted DHT
marker can be exploited to cause a heap overflow. Furthermore, an
anonymous person discovered that Opera does not correctly handle
objects passed to the "createSVGTransformFromMatrix()" function.

Impact

A possible hacker could potentially exploit the vulnerabilities to execute
arbitrary code with the rights of the user running Opera by
enticing a victim to open a specially crafted JPEG file or a website
containing malicious JavaScript code.

Workaround

The vendor recommends disabling JavaScript to avoid the
"createSVGTransformFromMatrix" vulnerability. There is no known
workaround for the other vulnerability.

References:
http://www.opera.com/support/search/supsearch.dml?index=851
http://www.opera.com/support/search/supsearch.dml?index=852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0127


Solution:
All Opera users should update to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/opera-9.10"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2007 Michel Arboi
Cables, Connectors


Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x600Gb SAS, Proxmox picture

Dell PowerEdge R720 Server - 2x8c CPU,256Gb RAM, 128Gb SSD/3x600Gb SAS, Proxmox

$360.00


CSE-118 Supermicro 1U GPU Server 2.6Ghz 28-C 128GB 2x Nvidia K40 GPU 2x1600W PSU picture

CSE-118 Supermicro 1U GPU Server 2.6Ghz 28-C 128GB 2x Nvidia K40 GPU 2x1600W PSU

$580.03


Supermicro 4U 36 Bay Storage Server 2.2Ghz 16-C 128GB 1x1280W Rails TrueNAS ZFS picture

Supermicro 4U 36 Bay Storage Server 2.2Ghz 16-C 128GB 1x1280W Rails TrueNAS ZFS

$725.06


CSE-118 Supermicro 1U 3x GPU Server 2.1Ghz 16-C 128GB CX353A 2x1600W PSU Rails picture

CSE-118 Supermicro 1U 3x GPU Server 2.1Ghz 16-C 128GB CX353A 2x1600W PSU Rails

$450.03


Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU picture

Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU

$44.99


Intel Xeon E5-2697 v2 2.7GHz 30M 12-Core LGA2011 CPU Processor SR19H picture

Intel Xeon E5-2697 v2 2.7GHz 30M 12-Core LGA2011 CPU Processor SR19H

$27.99


Intel Xeon E5-2680 v4 2.4GHz 35MB 14-Core 120W LGA2011-3 SR2N7 picture

Intel Xeon E5-2680 v4 2.4GHz 35MB 14-Core 120W LGA2011-3 SR2N7

$17.99


HP Z4G4 Intel Xeon W2133-3.6 GHz, 256 NVME, 6TB HDD, 32GB RAM P620 NO OS picture

HP Z4G4 Intel Xeon W2133-3.6 GHz, 256 NVME, 6TB HDD, 32GB RAM P620 NO OS

$265.00


Dell Precision T5600/t5610 Xeon E5-2670 2.6Ghz 16GB DDR3 RAM NO HDD Nvidia picture

Dell Precision T5600/t5610 Xeon E5-2670 2.6Ghz 16GB DDR3 RAM NO HDD Nvidia

$85.50


Lenovo ThinkStation P920 1.5TB SSD OS Intel Xeon Silver, 2.40 GHz 16GB Desktop picture

Lenovo ThinkStation P920 1.5TB SSD OS Intel Xeon Silver, 2.40 GHz 16GB Desktop

$630.00


Discussions

No Discussions have been posted on this vulnerability.