ID CVE-2011-2639
Summary Opera before 11.10 does not properly handle hidden animated GIF images, which allows remote attackers to cause a denial of service (CPU consumption) via an image file that triggers continual repaints.
References
Vulnerable Configurations
  • Opera Browser 9.61
    cpe:2.3:a:opera:opera_browser:9.61
  • Opera Browser 9.62
    cpe:2.3:a:opera:opera_browser:9.62
  • Opera Browser 9.64
    cpe:2.3:a:opera:opera_browser:9.64
  • Opera Browser 9.60 beta 1
    cpe:2.3:a:opera:opera_browser:9.60:beta1
  • Opera Browser 9.63
    cpe:2.3:a:opera:opera_browser:9.63
  • Opera Browser 5.0 beta 5
    cpe:2.3:a:opera:opera_browser:5.0:beta5
  • Opera Browser 5.0 beta 4
    cpe:2.3:a:opera:opera_browser:5.0:beta4
  • Opera Browser 5.0 beta 3
    cpe:2.3:a:opera:opera_browser:5.0:beta3
  • Opera Browser 5.0 beta 2
    cpe:2.3:a:opera:opera_browser:5.0:beta2
  • Opera Browser 5.0
    cpe:2.3:a:opera:opera_browser:5.0
  • Opera Browser 5.0 beta 8
    cpe:2.3:a:opera:opera_browser:5.0:beta8
  • Opera Browser 5.0 beta 7
    cpe:2.3:a:opera:opera_browser:5.0:beta7
  • Opera Browser 5.0 beta 6
    cpe:2.3:a:opera:opera_browser:5.0:beta6
  • Opera Browser 6.0 beta 2
    cpe:2.3:a:opera:opera_browser:6.0:beta2
  • Opera Browser 6.0 TP 3
    cpe:2.3:a:opera:opera_browser:6.0:tp3
  • Opera Browser 6.0 TP 2
    cpe:2.3:a:opera:opera_browser:6.0:tp2
  • Opera Browser 6.0 TP 1
    cpe:2.3:a:opera:opera_browser:6.0:tp1
  • Opera Browser 9.23
    cpe:2.3:a:opera:opera_browser:9.23
  • Opera Browser 9.26
    cpe:2.3:a:opera:opera_browser:9.26
  • Opera Browser 9.27
    cpe:2.3:a:opera:opera_browser:9.27
  • Opera Browser 9.24
    cpe:2.3:a:opera:opera_browser:9.24
  • Opera Browser 9.25
    cpe:2.3:a:opera:opera_browser:9.25
  • Opera Browser 9.50
    cpe:2.3:a:opera:opera_browser:9.50
  • Opera Browser 9.60
    cpe:2.3:a:opera:opera_browser:9.60
  • Opera Browser 9.52
    cpe:2.3:a:opera:opera_browser:9.52
  • Opera Browser 10.50
    cpe:2.3:a:opera:opera_browser:10.50
  • Opera Browser 10.01
    cpe:2.3:a:opera:opera_browser:10.01
  • Opera Browser 9.51
    cpe:2.3:a:opera:opera_browser:9.51
  • Opera Browser 10.10
    cpe:2.3:a:opera:opera_browser:10.10
  • Opera Browser 10.52
    cpe:2.3:a:opera:opera_browser:10.52
  • Opera Browser 10.53
    cpe:2.3:a:opera:opera_browser:10.53
  • Opera Browser 10.50 beta 1
    cpe:2.3:a:opera:opera_browser:10.50:beta1
  • Opera Browser 10.50 beta 2
    cpe:2.3:a:opera:opera_browser:10.50:beta2
  • Opera Browser 10.00 beta 3
    cpe:2.3:a:opera:opera_browser:10.00:beta3
  • Opera Browser 10.10 beta 1
    cpe:2.3:a:opera:opera_browser:10.10:beta1
  • Opera Browser 10.00
    cpe:2.3:a:opera:opera_browser:10.00
  • Opera Browser 10.00 beta 2
    cpe:2.3:a:opera:opera_browser:10.00:beta2
  • Opera Browser 10.00 beta 1
    cpe:2.3:a:opera:opera_browser:10.00:beta1
  • Opera Browser 9.50 beta 2
    cpe:2.3:a:opera:opera_browser:9.50:beta2
  • Opera Browser 9.50 beta 1
    cpe:2.3:a:opera:opera_browser:9.50:beta1
  • Opera Browser 9.20 beta 1
    cpe:2.3:a:opera:opera_browser:9.20:beta1
  • Opera Browser 9.0 beta 2
    cpe:2.3:a:opera:opera_browser:9.0:beta2
  • Opera Browser 9.0 beta 1
    cpe:2.3:a:opera:opera_browser:9.0:beta1
  • Opera Browser 8.0 beta 3
    cpe:2.3:a:opera:opera_browser:8.0:beta3
  • Opera Browser 8.0 beta 2
    cpe:2.3:a:opera:opera_browser:8.0:beta2
  • Opera Browser 8.0 beta 1
    cpe:2.3:a:opera:opera_browser:8.0:beta1
  • Opera Browser 7.54 update 2
    cpe:2.3:a:opera:opera_browser:7.54:update2
  • Opera Browser 7.54 update 1
    cpe:2.3:a:opera:opera_browser:7.54:update1
  • Opera Browser 7.52
    cpe:2.3:a:opera:opera_browser:7.52
  • Opera Browser 7.51
    cpe:2.3:a:opera:opera_browser:7.51
  • Opera Browser 7.50
    cpe:2.3:a:opera:opera_browser:7.50
  • Opera Browser 9.10
    cpe:2.3:a:opera:opera_browser:9.10
  • Opera Browser 7.20
    cpe:2.3:a:opera:opera_browser:7.20
  • Opera Browser 9.21
    cpe:2.3:a:opera:opera_browser:9.21
  • Opera Browser 7.21
    cpe:2.3:a:opera:opera_browser:7.21
  • Opera Browser 8.54
    cpe:2.3:a:opera:opera_browser:8.54
  • Opera Browser 7.22
    cpe:2.3:a:opera:opera_browser:7.22
  • Opera Browser 7.50 beta 1
    cpe:2.3:a:opera:opera_browser:7.50:beta1
  • Opera Browser 7.53
    cpe:2.3:a:opera:opera_browser:7.53
  • Opera Browser 7.03
    cpe:2.3:a:opera:opera_browser:7.03
  • Opera Browser 7.54
    cpe:2.3:a:opera:opera_browser:7.54
  • Opera Browser 7.10
    cpe:2.3:a:opera:opera_browser:7.10
  • Opera Browser 7.11
    cpe:2.3:a:opera:opera_browser:7.11
  • Opera Browser 7.0
    cpe:2.3:a:opera:opera_browser:7.0
  • Opera Browser 7.23
    cpe:2.3:a:opera:opera_browser:7.23
  • Opera Browser 7.20 beta 7
    cpe:2.3:a:opera:opera_browser:7.20:beta7
  • Opera Browser 7.0 beta 1
    cpe:2.3:a:opera:opera_browser:7.0:beta1
  • Opera Browser 8.01
    cpe:2.3:a:opera:opera_browser:8.01
  • Opera Browser 7.0 beta 2
    cpe:2.3:a:opera:opera_browser:7.0:beta2
  • Opera Browser 7.01
    cpe:2.3:a:opera:opera_browser:7.01
  • Opera Browser 7.60
    cpe:2.3:a:opera:opera_browser:7.60
  • Opera Browser 7.02
    cpe:2.3:a:opera:opera_browser:7.02
  • Opera Browser 8.51
    cpe:2.3:a:opera:opera_browser:8.51
  • Opera Browser 6.04
    cpe:2.3:a:opera:opera_browser:6.04
  • Opera Browser 8.53
    cpe:2.3:a:opera:opera_browser:8.53
  • Opera Browser 6.05
    cpe:2.3:a:opera:opera_browser:6.05
  • Opera Browser 8.02
    cpe:2.3:a:opera:opera_browser:8.02
  • Opera Browser 6.06
    cpe:2.3:a:opera:opera_browser:6.06
  • Opera Browser 8.50
    cpe:2.3:a:opera:opera_browser:8.50
  • Opera Browser 7.0 beta 1 v2
    cpe:2.3:a:opera:opera_browser:7.0:beta1_v2
  • Opera Browser 6.01
    cpe:2.3:a:opera:opera_browser:6.01
  • Opera Browser 6.0
    cpe:2.3:a:opera:opera_browser:6.0
  • Opera Browser 6.03
    cpe:2.3:a:opera:opera_browser:6.03
  • Opera Browser 6.02
    cpe:2.3:a:opera:opera_browser:6.02
  • Opera Browser 5.11
    cpe:2.3:a:opera:opera_browser:5.11
  • Opera Browser 5.10
    cpe:2.3:a:opera:opera_browser:5.10
  • Opera Browser 6.0 beta 1
    cpe:2.3:a:opera:opera_browser:6.0:beta1
  • Opera Browser 5.12
    cpe:2.3:a:opera:opera_browser:5.12
  • Opera Browser 9.01
    cpe:2.3:a:opera:opera_browser:9.01
  • Opera Browser 7.11 beta 2
    cpe:2.3:a:opera:opera_browser:7.11:beta2
  • Opera Browser 9.0
    cpe:2.3:a:opera:opera_browser:9.0
  • Opera Browser 7.10 beta 1
    cpe:2.3:a:opera:opera_browser:7.10:beta1
  • Opera Browser 8.52
    cpe:2.3:a:opera:opera_browser:8.52
  • Opera Browser 5.02
    cpe:2.3:a:opera:opera_browser:5.02
  • Opera Browser 8.0
    cpe:2.3:a:opera:opera_browser:8.0
  • Opera Browser 10.53b
    cpe:2.3:a:opera:opera_browser:10.53:b
  • Opera Browser 9.22
    cpe:2.3:a:opera:opera_browser:9.22
  • Opera Browser 6.1
    cpe:2.3:a:opera:opera_browser:6.1
  • Opera Browser 9.20
    cpe:2.3:a:opera:opera_browser:9.20
  • Opera Browser 6.1 beta 1
    cpe:2.3:a:opera:opera_browser:6.1:beta1
  • Opera Browser 9.12
    cpe:2.3:a:opera:opera_browser:9.12
  • Opera Browser 6.12
    cpe:2.3:a:opera:opera_browser:6.12
  • Opera Browser 9.02
    cpe:2.3:a:opera:opera_browser:9.02
  • Opera Browser 6.11
    cpe:2.3:a:opera:opera_browser:6.11
  • Opera Browser 10.54
    cpe:2.3:a:opera:opera_browser:10.54
  • Opera Browser 10.60 beta1
    cpe:2.3:a:opera:opera_browser:10.60:beta1
  • Opera Browser 10.60
    cpe:2.3:a:opera:opera_browser:10.60
  • Opera Browser 10.61
    cpe:2.3:a:opera:opera_browser:10.61
  • Opera Browser 10.63
    cpe:2.3:a:opera:opera_browser:10.63
  • Opera Browser 10.62
    cpe:2.3:a:opera:opera_browser:10.62
  • Opera Browser 10.51
    cpe:2.3:a:opera:opera_browser:10.51
  • Opera Browser 11.00 beta
    cpe:2.3:a:opera:opera_browser:11.00:beta
  • Opera Browser 11.00
    cpe:2.3:a:opera:opera_browser:11.00
  • cpe:2.3:a:opera:opera_browser:11.00:alpha
    cpe:2.3:a:opera:opera_browser:11.00:alpha
  • Opera Browser 11.01
    cpe:2.3:a:opera:opera_browser:11.01
  • cpe:2.3:a:opera:opera_browser:11.10:alpha
    cpe:2.3:a:opera:opera_browser:11.10:alpha
  • Opera Browser 11.10 Beta
    cpe:2.3:a:opera:opera_browser:11.10:beta
CVSS
Base: 5.0 (as of 01-07-2011 - 13:35)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-03.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-03 (Opera: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Opera. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted web page, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. A remote attacker may be able to: trick users into downloading and executing arbitrary files, bypass intended access restrictions, spoof trusted content, spoof URLs, bypass the Same Origin Policy, obtain sensitive information, force subscriptions to arbitrary feeds, bypass the popup blocker, bypass CSS filtering, conduct cross-site scripting attacks, or have other unknown impact. A local attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application or possibly obtain sensitive information. A physically proximate attacker may be able to access an email account. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 59631
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59631
    title GLSA-201206-03 : Opera: Multiple vulnerabilities
  • NASL family Windows
    NASL id OPERA_1110.NASL
    description The version of Opera installed on the remote Windows host is earlier than 11.10 and thus is potentially affected by the following vulnerabilities : - An unspecified vulnerability allows remote attackers to hijack searches and customizations using unspecified third-party applications. (CVE-2011-2634) - Several errors exist that can cause application crashes. Affected items or functionalities are the handling of the CSS pseudo-class ':hover' if used with transforms on a floated element, unspecified web content, and the handling of an embedded Java applet with empty parameters. (CVE-2011-2635, CVE-2011-2636, CVE-2011-2637, CVE-2011-2638, CVE-2011-2640) - An error in the handling of hidden animated GIF images can cause a denial of service through CPU consumption as image repaints are triggered. (CVE-2011-2639)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 55506
    published 2011-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55506
    title Opera < 11.10 Multiple Vulnerabilities
refmap via4
confirm
Last major update 05-07-2011 - 00:00
Published 01-07-2011 - 06:55
Back to Top