Skip to main content

Opera Browser CVE-2012-1924

MEDIUM
Code Injection (CWE-94)
2012-03-28 cve@mitre.org
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:M/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Mar 28, 2012 - 03:22 cve.org
MEDIUM 6.8

DescriptionCVE.org

Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog.

AnalysisAI

Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. Opera before 11.62 allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog. Affected products include: Opera Opera Browser. Version information: before 11.62.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.

CVE-2012-6470 CRITICAL POC
9.3 Jan 02

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary

CVE-2013-1638 CRITICAL POC
9.3 Feb 08

Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document. Rated cri

CVE-2012-3561 CRITICAL
10.0 Jun 14

Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary

CVE-2012-6468 CRITICAL
9.3 Jan 02

Heap-based buffer overflow in Opera before 12.11 allows remote attackers to execute arbitrary code or cause a denial of

CVE-2013-1637 CRITICAL
9.3 Feb 08

Opera before 12.13 allows remote attackers to execute arbitrary code via vectors involving DOM events. Rated critical se

CVE-2016-4075 MEDIUM POC
6.1 Apr 21

Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related

CVE-2013-3211 CRITICAL
10.0 Apr 19

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe i

CVE-2012-4145 CRITICAL
10.0 Aug 06

Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X,

CVE-2012-3559 CRITICAL
10.0 Jun 14

Unspecified vulnerability in Opera before 12.00 on Mac OS X has unknown impact and attack vectors, related to a "moderat

CVE-2012-6465 CRITICAL
9.3 Jan 02

Opera before 12.10 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) vi

CVE-2012-3556 CRITICAL
9.3 Jun 14

Opera before 11.65 does not properly restrict the opening of a pop-up window in response to the first click of a double-

CVE-2012-1003 MEDIUM POC
5.0 Feb 07

Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application c

Share

CVE-2012-1924 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy