CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
5.1 | $0-$5k | 0.00 |
A vulnerability was found in Opera Web Browser up to 7.19 (Web Browser). It has been classified as problematic. Affected is an unknown function. The manipulation with an unknown input leads to a information disclosure vulnerability. CWE is classifying the issue as CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. This is going to have an impact on confidentiality. CVE summarizes:
Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas.
The weakness was shared 01/02/2013 with Google Security Group (Website). The advisory is available at opera.com. This vulnerability is traded as CVE-2012-6466 since 01/02/2013. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1592 by the MITRE ATT&CK project.
The vulnerability scanner Nessus provides a plugin with the ID 62821 (Opera < 12.10 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows.
Upgrading to version 7.20 eliminates this vulnerability.
The vulnerability is also documented in the databases at X-Force (80957) and Tenable (62821). The entries 6908, 6909, 6910 and 6911 are related to this item.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Information disclosureCWE: CWE-200 / CWE-284 / CWE-266
ATT&CK: T1592
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 62821
Nessus Name: Opera < 12.10 Multiple Vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 803145
OpenVAS Name: Opera Multiple Vulnerabilities-03 Jan13 (Linux)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: Web Browser 7.20
Timeline
11/06/2012 🔍11/06/2012 🔍
01/02/2013 🔍
01/02/2013 🔍
01/02/2013 🔍
07/01/2013 🔍
03/24/2015 🔍
12/21/2021 🔍
Sources
Vendor: opera.comAdvisory: opera.com
Organization: Google Security Group
Status: Not defined
Confirmation: 🔍
CVE: CVE-2012-6466 (🔍)
OVAL: 🔍
X-Force: 80957
Vulnerability Center: 40248 - Opera <12.10 Remote Leakage of Sensitive Information via a Maliciously Crafted Image Used as a Fill Pattern for a Canvas, Medium
SecurityFocus: 57120 - Opera Web Browser WebP Images Information Disclosure Vulnerability
See also: 🔍
Entry
Created: 03/24/2015 12:22Updated: 12/21/2021 09:28
Changes: 03/24/2015 12:22 (65), 05/04/2017 10:30 (6), 12/21/2021 09:28 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.