Signature Detail
Short Name |
HTTP:STC:OPERA:DOCUMENT-WRITE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Opera Browser Document Writing Uninitialized Memory Access |
Release Date |
2010/10/12 |
Update Number |
1790 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Opera Browser Document Writing Uninitialized Memory Access
This signature detects attempts to exploit a known uninitialized memory access vulnerability in Opera Web browser. It is due to an error while handling asynchronous modifications to an HTML document. A remote attacker can exploit this issue by enticing a target user to open a specifically crafted Web page. Successful exploitation can result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt can abnormally terminate the affected application.
Extended Description
Opera Web Browser is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code or crash the affected application. Versions prior to Opera 10.53 for Windows and Mac OS are vulnerable.
Affected Products
- Opera Software Opera Web Browser 10
- Opera Software Opera Web Browser 10.01
- Opera Software Opera Web Browser 10.1
- Opera Software Opera Web Browser 10.10
- Opera Software Opera Web Browser 10.50
- Opera Software Opera Web Browser 10.51
- Opera Software Opera Web Browser 10.52
References
- BugTraq: 39855
- CVE: CVE-2010-1728