ID CVE-2006-1834
Summary Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
References
Vulnerable Configurations
  • Opera Browser 1.00
    cpe:2.3:a:opera:opera_browser:1.00
  • Opera Browser 2.00
    cpe:2.3:a:opera:opera_browser:2.00
  • Opera Browser 2.10
    cpe:2.3:a:opera:opera_browser:2.10
  • Opera Browser 2.10b1
    cpe:2.3:a:opera:opera_browser:2.10:beta1
  • Opera Browser 2.10b2
    cpe:2.3:a:opera:opera_browser:2.10:beta2
  • Opera Browser 2.10b3
    cpe:2.3:a:opera:opera_browser:2.10:beta3
  • Opera Browser 2.12
    cpe:2.3:a:opera:opera_browser:2.12
  • Opera Browser 3.00
    cpe:2.3:a:opera:opera_browser:3.00
  • Opera Browser 3.00b
    cpe:2.3:a:opera:opera_browser:3.00:beta
  • Opera Browser 3.10
    cpe:2.3:a:opera:opera_browser:3.10
  • Opera Browser 3.21
    cpe:2.3:a:opera:opera_browser:3.21
  • Opera Browser 3.50
    cpe:2.3:a:opera:opera_browser:3.50
  • Opera Browser 3.51
    cpe:2.3:a:opera:opera_browser:3.51
  • Opera Browser 3.60
    cpe:2.3:a:opera:opera_browser:3.60
  • Opera Browser 3.61
    cpe:2.3:a:opera:opera_browser:3.61
  • Opera Browser 3.62
    cpe:2.3:a:opera:opera_browser:3.62
  • Opera Browser 3.62b
    cpe:2.3:a:opera:opera_browser:3.62:beta
  • Opera Browser 4.00
    cpe:2.3:a:opera:opera_browser:4.00
  • Opera Browser 4.00b2
    cpe:2.3:a:opera:opera_browser:4.00:beta2
  • Opera Browser 4.00b3
    cpe:2.3:a:opera:opera_browser:4.00:beta3
  • Opera Browser 4.00b4
    cpe:2.3:a:opera:opera_browser:4.00:beta4
  • Opera Browser 4.00b5
    cpe:2.3:a:opera:opera_browser:4.00:beta5
  • Opera Browser 4.00b6
    cpe:2.3:a:opera:opera_browser:4.00:beta6
  • Opera Browser 4.01
    cpe:2.3:a:opera:opera_browser:4.01
  • Opera Browser 4.02
    cpe:2.3:a:opera:opera_browser:4.02
  • Opera Browser 5.0
    cpe:2.3:a:opera:opera_browser:5.0
  • Opera Browser 5.0 beta 2
    cpe:2.3:a:opera:opera_browser:5.0:beta2
  • Opera Browser 5.0 beta 3
    cpe:2.3:a:opera:opera_browser:5.0:beta3
  • Opera Browser 5.0 beta 4
    cpe:2.3:a:opera:opera_browser:5.0:beta4
  • Opera Browser 5.0 beta 5
    cpe:2.3:a:opera:opera_browser:5.0:beta5
  • Opera Browser 5.0 beta 6
    cpe:2.3:a:opera:opera_browser:5.0:beta6
  • Opera Browser 5.0 beta 7
    cpe:2.3:a:opera:opera_browser:5.0:beta7
  • Opera Browser 5.0 beta 8
    cpe:2.3:a:opera:opera_browser:5.0:beta8
  • Opera Browser 5.02
    cpe:2.3:a:opera:opera_browser:5.02
  • Opera Browser 5.10
    cpe:2.3:a:opera:opera_browser:5.10
  • Opera Browser 5.11
    cpe:2.3:a:opera:opera_browser:5.11
  • Opera Browser 5.12
    cpe:2.3:a:opera:opera_browser:5.12
  • Opera Browser 6.0
    cpe:2.3:a:opera:opera_browser:6.0
  • Opera Browser 6.0 beta 1
    cpe:2.3:a:opera:opera_browser:6.0:beta1
  • Opera Browser 6.0 beta 2
    cpe:2.3:a:opera:opera_browser:6.0:beta2
  • Opera Browser 6.0 TP 1
    cpe:2.3:a:opera:opera_browser:6.0:tp1
  • Opera Browser 6.0 TP 2
    cpe:2.3:a:opera:opera_browser:6.0:tp2
  • Opera Browser 6.0 TP 3
    cpe:2.3:a:opera:opera_browser:6.0:tp3
  • Opera Browser 6.01
    cpe:2.3:a:opera:opera_browser:6.01
  • Opera Browser 6.1 beta 1
    cpe:2.3:a:opera:opera_browser:6.1:beta1
  • Opera Browser 6.02
    cpe:2.3:a:opera:opera_browser:6.02
  • Opera Browser 6.03
    cpe:2.3:a:opera:opera_browser:6.03
  • Opera Browser 6.04
    cpe:2.3:a:opera:opera_browser:6.04
  • Opera Browser 6.05
    cpe:2.3:a:opera:opera_browser:6.05
  • Opera Browser 6.06
    cpe:2.3:a:opera:opera_browser:6.06
  • Opera Browser 6.11
    cpe:2.3:a:opera:opera_browser:6.11
  • Opera Browser 6.12
    cpe:2.3:a:opera:opera_browser:6.12
  • Opera Browser 7.0
    cpe:2.3:a:opera:opera_browser:7.0
  • Opera Browser 7.0 beta 1
    cpe:2.3:a:opera:opera_browser:7.0:beta1
  • Opera Browser 7.0 beta 1 v2
    cpe:2.3:a:opera:opera_browser:7.0:beta1_v2
  • Opera Browser 7.0 beta 2
    cpe:2.3:a:opera:opera_browser:7.0:beta2
  • Opera Browser 7.01
    cpe:2.3:a:opera:opera_browser:7.01
  • Opera Browser 7.02
    cpe:2.3:a:opera:opera_browser:7.02
  • Opera Browser 7.03
    cpe:2.3:a:opera:opera_browser:7.03
  • Opera Browser 7.10
    cpe:2.3:a:opera:opera_browser:7.10
  • Opera Browser 7.10 beta 1
    cpe:2.3:a:opera:opera_browser:7.10:beta1
  • Opera Browser 7.11
    cpe:2.3:a:opera:opera_browser:7.11
  • Opera Browser 7.11 beta 2
    cpe:2.3:a:opera:opera_browser:7.11:beta2
  • Opera Browser 7.20
    cpe:2.3:a:opera:opera_browser:7.20
  • Opera Browser 7.20 beta 7
    cpe:2.3:a:opera:opera_browser:7.20:beta7
  • Opera Browser 7.21
    cpe:2.3:a:opera:opera_browser:7.21
  • Opera Browser 7.22
    cpe:2.3:a:opera:opera_browser:7.22
  • Opera Browser 7.23
    cpe:2.3:a:opera:opera_browser:7.23
  • Opera Browser 7.50
    cpe:2.3:a:opera:opera_browser:7.50
  • Opera Browser 7.50 beta 1
    cpe:2.3:a:opera:opera_browser:7.50:beta1
  • Opera Browser 7.51
    cpe:2.3:a:opera:opera_browser:7.51
  • Opera Browser 7.52
    cpe:2.3:a:opera:opera_browser:7.52
  • Opera Browser 7.53
    cpe:2.3:a:opera:opera_browser:7.53
  • Opera Browser 7.54
    cpe:2.3:a:opera:opera_browser:7.54
  • Opera Browser 7.54 update 1
    cpe:2.3:a:opera:opera_browser:7.54:update1
  • Opera Browser 7.54 update 2
    cpe:2.3:a:opera:opera_browser:7.54:update2
  • Opera Browser 7.60
    cpe:2.3:a:opera:opera_browser:7.60
  • Opera Browser 8.0
    cpe:2.3:a:opera:opera_browser:8.0
  • Opera Browser 8.0 beta 1
    cpe:2.3:a:opera:opera_browser:8.0:beta1
  • Opera Browser 8.0 beta 2
    cpe:2.3:a:opera:opera_browser:8.0:beta2
  • Opera Browser 8.0 beta 3
    cpe:2.3:a:opera:opera_browser:8.0:beta3
  • Opera Browser 8.01
    cpe:2.3:a:opera:opera_browser:8.01
  • Opera Browser 8.02
    cpe:2.3:a:opera:opera_browser:8.02
  • Opera Browser 8.50
    cpe:2.3:a:opera:opera_browser:8.50
  • Opera Browser 8.51
    cpe:2.3:a:opera:opera_browser:8.51
  • Opera Browser 8.52
    cpe:2.3:a:opera:opera_browser:8.52
  • Opera Browser 8.53
    cpe:2.3:a:opera:opera_browser:8.53
CVSS
Base: 5.1 (as of 20-04-2006 - 11:35)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
exploit-db via4
description Opera Web Browser 8.52 Stylesheet Attribute Buffer Overflow Vulnerability. CVE-2006-1834 . Dos exploit for linux platform
id EDB-ID:27641
last seen 2016-02-03
modified 2006-04-13
published 2006-04-13
reporter SEC Consult
source https://www.exploit-db.com/download/27641/
title Opera Web Browser 8.52 Stylesheet Attribute Buffer Overflow Vulnerability
nessus via4
  • NASL family Windows
    NASL id OPERA_854.NASL
    description The remote host is using Opera, an alternative web browser. The version of Opera installed on the remote host contains a buffer overflow that can be triggered by a long value within a stylesheet attribute. Successful exploitation can lead to a browser crash and possibly allow for the execution of arbitrary code subject to the privileges of the user running Opera.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 21221
    published 2006-04-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21221
    title Opera < 8.54 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200606-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-200606-01 (Opera: Buffer overflow) SEC Consult has discovered a buffer overflow in the code processing style sheet attributes. It is caused by an integer signedness error in a length check followed by a call to a string function. It seems to be hard to exploit this buffer overflow to execute arbitrary code because of the very large amount memory that has to be copied. Impact : A remote attacker can entice a user to visit a web page containing a specially crafted style sheet attribute that will crash the user's browser and maybe lead to the execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 21663
    published 2006-06-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21663
    title GLSA-200606-01 : Opera: Buffer overflow
  • NASL family SuSE Local Security Checks
    NASL id SUSE_OPERA-1313.NASL
    description Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. (CVE-2006-1834)
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27371
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27371
    title openSUSE 10 Security Update : opera (opera-1313)
refmap via4
bid 17513
bugtraq 20060413 SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
confirm http://www.opera.com/docs/changelogs/windows/854/
fulldisc 20060413 SEC Consult SA-20060314 :: Opera Browser CSS Attribute Integer Wrap / Buffer Overflow
gentoo GLSA-200606-01
misc http://www.sec-consult.com/259.html
sectrack 1015912
secunia 20117
suse SUSE-SR:2006:010
vupen ADV-2006-1354
xf opera-wcsncpy-css-bo(25829)
Last major update 17-10-2016 - 23:39
Published 19-04-2006 - 12:06
Last modified 18-10-2018 - 12:36
Back to Top