|
Family: Windows --> Category: infos
Opera remote location object cross-domain scripting vulnerability Vulnerability Scan
Vulnerability Scan Summary Acertains the version of Opera.exe
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains a web browser that is affected by
multiple flaws.
Description :
The version of Opera on the remote host fails to block write access to
the 'location' object. This could allow a user to create a specially
crafted URL to overwrite methods within the 'location' object that would
execute arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of confidentiality
and integrity.
See also :
http://www.greymagic.com/security/advisories/gm008-op/
http://www.opera.com/docs/changelogs/windows/754/
Solution :
Upgrade to Opera 7.54 or newer.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|