Opera protocol handler code execution
| opera-protocolhandler-code-execution (44547) |  High Risk |
Description:
Opera could allow a remote attacker to execute arbitrary code on the system, caused by an unspecified error when it is registered as a protocol handler. By initiating a startup using external applications, a remote attacker could exploit this vulnerability to execute arbitrary code or cause the system to crash.
Platforms Affected:
- Opera, Opera 9.0
- Opera, Opera 9.10
- Opera, Opera 9.2
- Opera, Opera 9.21
- Opera, Opera 9.22
- Opera, Opera 9.23
- Opera, Opera 9.24
- Opera, Opera 9.25
- Opera, Opera 9.26
- Opera, Opera 9.27
- Opera, Opera 9.50
- Opera, Opera 9.51
Remedy:
Upgrade to the latest version of Opera (9.52 or later), available from the Opera Web site. See References.
Consequences:
Gain Access
References:
- Opera Download Web site, Download Opera Web Browser at http://www.opera.com/download/.
- Opera Software Knowledge Base Article 892, Advisory: Startup crash can allow execution of arbitrary code at http://www.opera.com/support/search/view/892/.
- Opera Web site, Opera 9.52 for Windows Changelog at http://www.opera.com/docs/changelogs/windows/952/.
- CVE-2008-4293: Unspecified vulnerability in Opera before 9.52 on Windows, when registered as a protocol handler, allows remote attackers to execute arbitrary code via unknown vectors in which Opera is launched by other applications.
- SA31549: Opera Multiple Vulnerabilities
Reported:
Aug 20, 2008
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net