CERT-In Vulnerability Note CIVN-2009-30
Multiple Vulnerabilities in Opera
Original Issue Date:March 04, 2009
Severity Rating:
High
Systems Affected
- Opera versions prior to 9.64
Overview
Multiple vulnerabilities have been reported in Opera, which can be exploited by an attacker to execute arbitrary code or conduct cross-site scripting attacks.
Description
1. malformed JPEG Image Processing Memory Corruption Vulnerability
This vulnerability is due to an unspecified error in the processing of JPEG images which will trigger a memory corruption and crash. An unauthenticated, remote attacker could exploit this vulnerability using a specially crafted JPEG image to execute arbitrary code.
2. Plug-ins related Cross-Site Scripting Vulnerability
This vulnerability is caused by an unspecified error related to plug-ins, which could be exploited to conduct cross-site scripting attacks.
Solution
Upgrade to Opera 9.64 or later
http://www.opera.com/browser/download/
Vendor Information
Opera
http://www.opera.com/docs/changelogs/windows/964
http://www.opera.com/support/kb/view/926
References
Opera
http://www.opera.com/docs/changelogs/windows/964
http://www.opera.com/support/kb/view/926
SecurityFocus
http://www.securityfocus.com/bid/33961/
Security Tracker
http://www.securitytracker.com/alerts/2009/Mar/1021782.html
VUPEN
http://www.vupen.com/english/advisories/2009/0586
Disclaimer The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
