
CERT-In Vulnerability Note CIVN-2008-50
Opera Web Browser Multiple Remote Code Execution Vulnerabilities

Original Issue Date: May 01, 2008

Severity Rating: High

System Affected

  • Opera versions prior to 9.27

Overview

Multiple vulnerabilities have been reported in Opera, which could be exploited by remote attackers to cause a denial of service and take complete control of an affected system.

Description

1. Opera Newsfeed code execution vulnerability
   (CVE-2008-1761, CWE-399)

A vulnerability has been reported in Opera, caused by an invalid memory access while processing newsfeeds. A remote attacker could exploit it by tricking a user into visiting a Web site containing a specially crafted newsfeed source, crashing the affected browser and executing arbitrary code.

2. Opera HTML CANVAS code execution vulnerability
   (CVE-2008-1762, CWE-399)

A vulnerability has been reported in Opera, caused by a memory corruption error when handling HTML CANVAS elements. A remote attacker could exploit it by tricking a user into visiting a specially crafted web page, crashing the affected browser and executing arbitrary code via specially crafted scaled pattern images.

Solution

Upgrade to Opera version 9.27
http://www.opera.com/download/


Vendor Information

Opera
http://www.opera.com/docs/changelogs/linux/927/
http://www.opera.com/docs/changelogs/windows/927/
http://www.opera.com/support/search/view/881/
http://www.opera.com/support/search/view/882/

References

SecurityFocus
http://www.securityfocus.com/bid/28585

Secunia
http://secunia.com/advisories/29662

X-Force
http://xforce.iss.net/xforce/xfdb/41625

FrSIRT
http://www.frsirt.com/english/advisories/2008/1084/references

CVE Name
CVE-2008-1761
CVE-2008-1762

CWE Name
CWE-399

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003