CVE-2010-1349 - Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via

CVE-2010-1349

Summary

Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. Per: http://my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-header-security-issue 'We also determined that the problem only existed in our Windows version. '

References

Vulnerable Configurations

cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:10.10:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:10.50:*:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:10.50:beta_1:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:10.50:beta_1:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:10.50:beta_2:*:*:*:*:*:*
cpe:2.3:a:opera:opera_browser:10.50:beta_2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 17-08-2017 - 01:32)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	38519
confirm	http://my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-header-security-issue http://www.opera.com/support/kb/view/948/
exploit-db	11622
osvdb	62714
sectrack	1023690
secunia	38820
vupen	ADV-2010-0529
xf	opera-contentlength-bo(56673)

Last major update

17-08-2017 - 01:32

Published

12-04-2010 - 18:30

Last modified

17-08-2017 - 01:32