Signature Detail
Short Name |
HTTP:STC:OPERA:FILE-URL-OF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Opera File URL Overflow |
Release Date |
2009/08/18 |
Update Number |
1484 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Opera File URL Overflow
This signature detects attempts to exploit a known vulnerability in Opera Software (version 9.62 and prior). An attacker can create a malicious Web site containing dangerous URL links, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Opera Web Browser is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Opera Web Browser 9.62 is vulnerable; other versions may also be affected.
Affected Products
- Gentoo Linux
- Opera Software Opera Web Browser 9
- Opera Software Opera Web Browser 9.01
- Opera Software Opera Web Browser 9.02
- Opera Software Opera Web Browser 9.10
- Opera Software Opera Web Browser 9.20
- Opera Software Opera Web Browser 9.20 Beta 1
- Opera Software Opera Web Browser 9.21
- Opera Software Opera Web Browser 9.22
- Opera Software Opera Web Browser 9.23
- Opera Software Opera Web Browser 9.24
- Opera Software Opera Web Browser 9.25
- Opera Software Opera Web Browser 9.26
- Opera Software Opera Web Browser 9.27
- Opera Software Opera Web Browser 9.5
- Opera Software Opera Web Browser 9.50 Beta
- Opera Software Opera Web Browser 9.51
- Opera Software Opera Web Browser 9.52
- Opera Software Opera Web Browser 9.60
- Opera Software Opera Web Browser 9.60 Beta 1
- Opera Software Opera Web Browser 9.61
- Opera Software Opera Web Browser 9.62
References
- CVE: CVE-2008-5683
- CVE: CVE-2008-5178
- CVE: CVE-2008-5679
- CVE: CVE-2008-5680
- CVE: CVE-2008-5681
- CVE: CVE-2008-5682