   VULNERABILITY NOTE

CERT-In Vulnerability Note CIVN-2008-97
Multiple vulnerabilities in Opera Software

Original Issue Date: July 04, 2008

Severity Rating: High

System Affected

  • Opera versions prior to 9.51

Overview

Two vulnerabilities have been reported in Opera, exploitation of which could allow an attacker to execute arbitrary code or access sensitive data.

Description

1. Remote Code Execution vulnerability (CVE-2008-3079)

This vulnerability is due to an unspecified error, which can be exploited by an attacker to execute arbitrary code. Successful exploitation of this vulnerability allows a remote attacker to gain access to the affected system.

2. 'canvas' function information disclosure vulnerability (CVE-2008-3078)

This vulnerability is due to a flaw in the handling of certain canvas functions, which causes the canvas to be painted with very small amounts of data constructed from random memory. The resulting canvas image can be read and analyzed by JavaScript, so an attacker can obtain random samples of the user's memory, which may contain sensitive data.

Solution

Upgrade to version 9.51
http://www.opera.com/download/
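
To find clients that still need this upgrade, the following added example (not part of the CERT-In note or Opera's own tooling) flags Opera User-Agent strings reporting a version prior to 9.51. The log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re

FIXED = (9, 51)  # first fixed release named in this note

# Opera of this era sent "Opera/9.50 (...)" or, when identifying as another
# browser, a trailing "... Opera 9.50". Later releases froze that token at
# 9.80 and carry the real version in "Version/x.y".
_OPERA = re.compile(r"\bOpera[/ ](\d+)\.(\d+)")
_VERSION = re.compile(r"\bVersion/(\d+)\.(\d+)")


def opera_version(user_agent):
    """Return (major, minor) for an Opera User-Agent, or None if not Opera."""
    m = _OPERA.search(user_agent)
    if not m:
        return None
    m = _VERSION.search(user_agent) or m
    # Assumption: minors are two digits, so a bare "9.5" is read as 9.50.
    return int(m.group(1)), int(m.group(2).ljust(2, "0")[:2])


def needs_upgrade(user_agent):
    v = opera_version(user_agent)
    return v is not None and v < FIXED


def affected_clients(log_lines):
    """Map client IP -> set of pre-9.51 Opera versions seen for it."""
    hits = {}
    for line in log_lines:
        # Constructed log format: '<client-ip> "<user-agent>"'
        ip, _, ua = line.partition(" ")
        if needs_upgrade(ua):
            hits.setdefault(ip, set()).add("%d.%02d" % opera_version(ua))
    return hits


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    '192.0.2.10 "Opera/9.50 (Windows NT 5.1; U; en)"',
    '192.0.2.11 "Opera/9.51 (X11; Linux i686; U; en)"',
    '192.0.2.12 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.27"',
    '192.0.2.13 "Opera/9.80 (Windows NT 6.1; U; en) Presto/2.2.15 Version/10.00"',
    '192.0.2.14 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0"',
]

if __name__ == "__main__":
    for ip, versions in sorted(affected_clients(SAMPLE).items()):
        print(ip, "Opera", ", ".join(sorted(versions)), "-> upgrade to 9.51")
```

The User-Agent header is supplied by the client, so treat the result as an inventory hint and confirm the installed version on the host.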

Vendor Information

Opera
http://www.opera.com/support/search/view/887/
http://www.opera.com/docs/changelogs/windows/951/
http://www.opera.com/docs/changelogs/linux/951/

References

Secunia
http://secunia.com/advisories/30935/
http://secunia.com/advisories/30937/

SecurityTracker
http://www.securitytracker.com/alerts/2008/Jul/1020430.html

CVE Name
CVE-2008-3079
CVE-2008-3078

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003