vendor:
Opera
by:
Maksymilian Arciemowicz and sp3x
7.5
CVSS
HIGH
Remote Array Overrun
120
CWE
Product Name: Opera
Affected Version From: Opera 10.01
Affected Version To: Opera 10.10 Beta
Patch Exists: YES
Related CWE: CVE-2009-0689
CPE: a:opera_software:opera
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0153/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0154/, https://www.rapid7.com/db/vulnerabilities/apple-osx-libsystem-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-0312/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1601/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-0311/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/debian-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-4b3a7e70-afce-11e5-b864-14dae9d210b8/, https://www.rapid7.com/db/vulnerabilities/mfsa2009-59-cve-2009-0689/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-0689/
Other Scripts:
https://www.infosecmatter.com/nessus-plugin-library/?id=46271, https://www.infosecmatter.com/nessus-plugin-library/?id=63923, https://www.infosecmatter.com/nessus-plugin-library/?id=42890, https://www.infosecmatter.com/nessus-plugin-library/?id=42288, https://www.infosecmatter.com/nessus-plugin-library/?id=45372, https://www.infosecmatter.com/nessus-plugin-library/?id=42287, https://www.infosecmatter.com/nessus-plugin-library/?id=45093, https://www.infosecmatter.com/nessus-plugin-library/?id=45373, https://www.infosecmatter.com/nessus-plugin-library/?id=67948, https://www.infosecmatter.com/nessus-plugin-library/?id=43379
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009
Opera 10.01 Remote Array Overrun (Arbitrary code execution)
The main problem exist in dtoa implementation. Opera has a very similar dtoa algorithm to the BSD, Chrome and Mozilla products. It is the same issue like SREASONRES:20090625. A Proof of Concept (PoC) can be created to cause Opera to crash. If a PoC is used with Opera to see this PoC, Opera will crash.
Mitigation:
Update to the latest version of Opera.