Vulnerability ID 5387

Opera Browser up to 11.62 User Input Sanitizer buffer overflow

Opera
CVSSv2 Temp ScoreCurrent Exploit Price
5.9$2k-$5k

A vulnerability was found in Opera Browser up to 11.62 and classified as problematic. This issue affects an unknown function of the component User Input Sanitizer. The manipulation with an unknown input leads to a buffer overflow vulnerability. Impacted is confidentiality, integrity, and availability.

The weakness was disclosed 05/10/2012 by Andrey Stroganov as confirmed knowledge base article (Website). The advisory is shared for download at opera.com. The vendor was not involved in the public release. The identification of this vulnerability is CVE-2012-3561 since 06/14/2012. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details are unknown but a private exploit is available.

The vulnerability scanner Nessus provides a plugin with the ID 59089 (Opera < 11.64 URL Parsing Memory Corruption), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows.

Upgrading to version 11.64 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The vulnerability is also documented in the databases at OSVDB (81809), SecurityFocus (BID 53474), X-Force (76388), Secunia (SA49081) and SecurityTracker (ID 1027066).

CVSS

Base Score: 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P) [?]
Temp Score: 5.9 (CVSS2#E:ND/RL:OF/RC:C) [?]

Access VectorAccess ComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Buffer overflow (CWE-119)
Local: No
Remote: Yes

Availability: Yes
Access: Private

Current Price Estimation:

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k


Nessus ID: 59089
Nessus Name: Opera < 11.64 URL Parsing Memory Corruption
Nessus File: gentoo_GLSA-201206-03.nasl
Nessus Family: Windows
OpenVAS ID: 802654
OpenVAS Name: Opera URL Processing Arbitrary Code Execution Vulnerability (Linux)
OpenVAS File: gb_opera_url_code_exec_vuln_lin.nasl
OpenVAS Family: Denial of Service

Countermeasures

Recommended: Upgrade
Status: Official fix
Reaction Time: 0 days since reported
0-Day Time: 0 days since found
Exposure Time: 0 days since known

Upgrade: Browser 11.64

Timeline

05/10/2012 | Advisory disclosed
05/10/2012 | Countermeasure disclosed
05/11/2012 | OSVDB entry created
05/14/2012 | Nessus plugin released
05/15/2012 | VulDB entry created
06/14/2012 | CVE assigned
06/14/2012 | NVD disclosed
06/14/2012 | VulnerabilityCenter entry assigned
08/05/2012 | VulnerabilityCenter entry created
04/02/2014 | VulnerabilityCenter entry updated
07/08/2015 | VulDB entry updated

Sources

Advisory: opera.com
Researcher: Andrey Stroganov
Status: Confirmed
Confirmation: opera.com

CVE: CVE-2012-3561 (mitre.org) (nvd.nist.org) (cvedetails.com)

OSVDB: 81809 - Opera Out-of-bounds URL String Parsing Memory Corruption
SecurityFocus: 53474
Secunia: 49081 - Opera URL Parsing Code Execution Vulnerability, Highly Critical
X-Force: 76388
SecurityTracker: 1027066 - Opera URL Processing Error Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 35796 - Opera Before 11.64 Improper Memory Allocation For URL String Allows Remote Code Execution \\ DoS, Medium

Entry

Created: 05/15/2012
Updated: 07/08/2015
Entry: 92.6% complete