Lucene search
MitreCVE-2007-6524HistoryDec 24, 2007 - 8:46 p.m.
CVE-2007-6524
2007-12-2420:46:00
CWE-200
mitre
web.nvd.nist.gov
35
cve-2007-6524
security vulnerability
opera
remote attack
memory contents
bmp file
nvd
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.115
Percentile
95.4%
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.
Affected configurations
Node
operaopera_browserRange≤9.24
ORoperaopera_browserMatch5.0
ORoperaopera_browserMatch5.0beta2
ORoperaopera_browserMatch5.0beta3
ORoperaopera_browserMatch5.0beta4
ORoperaopera_browserMatch5.0beta5
ORoperaopera_browserMatch5.0beta6
ORoperaopera_browserMatch5.0beta7
ORoperaopera_browserMatch5.0beta8
ORoperaopera_browserMatch5.02
ORoperaopera_browserMatch5.10
ORoperaopera_browserMatch5.11
ORoperaopera_browserMatch5.12
ORoperaopera_browserMatch6.0
ORoperaopera_browserMatch6.0beta1
ORoperaopera_browserMatch6.0beta2
ORoperaopera_browserMatch6.0tp1
ORoperaopera_browserMatch6.0tp2
ORoperaopera_browserMatch6.0tp3
ORoperaopera_browserMatch6.1
ORoperaopera_browserMatch6.01
ORoperaopera_browserMatch6.1beta1
ORoperaopera_browserMatch6.02
ORoperaopera_browserMatch6.03
ORoperaopera_browserMatch6.04
ORoperaopera_browserMatch6.05
ORoperaopera_browserMatch6.06
ORoperaopera_browserMatch6.11
ORoperaopera_browserMatch6.12
ORoperaopera_browserMatch7.0
ORoperaopera_browserMatch7.0beta1
ORoperaopera_browserMatch7.0beta1_v2
ORoperaopera_browserMatch7.0beta2
ORoperaopera_browserMatch7.01
ORoperaopera_browserMatch7.02
ORoperaopera_browserMatch7.03
ORoperaopera_browserMatch7.10
ORoperaopera_browserMatch7.10beta1
ORoperaopera_browserMatch7.11
ORoperaopera_browserMatch7.11beta2
ORoperaopera_browserMatch7.20
ORoperaopera_browserMatch7.20beta7
ORoperaopera_browserMatch7.21
ORoperaopera_browserMatch7.22
ORoperaopera_browserMatch7.23
ORoperaopera_browserMatch7.50
ORoperaopera_browserMatch7.50beta1
ORoperaopera_browserMatch7.51
ORoperaopera_browserMatch7.52
ORoperaopera_browserMatch7.53
ORoperaopera_browserMatch7.54
ORoperaopera_browserMatch7.54update1
ORoperaopera_browserMatch7.54update2
ORoperaopera_browserMatch7.60
ORoperaopera_browserMatch8.0
ORoperaopera_browserMatch8.0beta1
ORoperaopera_browserMatch8.0beta2
ORoperaopera_browserMatch8.0beta3
ORoperaopera_browserMatch8.01
ORoperaopera_browserMatch8.02
ORoperaopera_browserMatch8.50
ORoperaopera_browserMatch8.51
ORoperaopera_browserMatch8.52
ORoperaopera_browserMatch8.53
ORoperaopera_browserMatch8.54
ORoperaopera_browserMatch9.0
ORoperaopera_browserMatch9.0beta1
ORoperaopera_browserMatch9.0beta2
ORoperaopera_browserMatch9.01
ORoperaopera_browserMatch9.02
ORoperaopera_browserMatch9.10
ORoperaopera_browserMatch9.12
ORoperaopera_browserMatch9.20
ORoperaopera_browserMatch9.20beta1
ORoperaopera_browserMatch9.21
ORoperaopera_browserMatch9.22
ORoperaopera_browserMatch9.23
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opera | opera_browser | * | cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:* |
| opera | opera_browser | 5.02 | cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:* |
References
bugs.gentoo.org/show_bug.cgi?id=202770
lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
osvdb.org/42691
secunia.com/advisories/28169
secunia.com/advisories/28290
secunia.com/advisories/28314
security.gentoo.org/glsa/glsa-200712-22.xml
securitytracker.com/id?1019435
www.opera.com/docs/changelogs/linux/925/
www.opera.com/docs/changelogs/windows/925/
www.opera.com/support/search/view/876/
www.securityfocus.com/archive/1/488264/100/0/threaded
www.securityfocus.com/bid/26937
www.securitytracker.com/id?1019131
www.vupen.com/english/advisories/2007/4261
bugzilla.mozilla.org/show_bug.cgi?id=408076
exchange.xforce.ibmcloud.com/vulnerabilities/39163
Related
prion
prion
Design/Logic Flaw
2007-12-24 20:46:00
Out-of-bounds
2008-02-12 03:00:00
Design/Logic Flaw
2008-02-21 21:44:00
nvd
nvd
ubuntucve
ubuntucve
CVE-2007-6524
2007-12-24 00:00:00
CVE-2008-0420
2008-02-12 00:00:00
cvelist
cvelist
seebug
seebug
Opera Web浏览器9.25版本修复多个漏洞
2008-05-30 00:00:00
freebsd
freebsd
opera -- multiple vulnerabilities
2007-12-19 00:00:00
mozilla -- multiple vulnerabilities
2008-02-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200712-22 (opera)
2008-09-24 00:00:00
FreeBSD Ports: opera, opera-devel, linux-opera
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200712-22 (opera)
2008-09-24 00:00:00
nessus
nessus
FreeBSD : opera -- multiple vulnerabilities (31b045e7-ae75-11dc-a5f9-001a4d49522b)
2007-12-24 00:00:00
GLSA-200712-22 : Opera: Multiple vulnerabilities
2007-12-31 00:00:00
openSUSE 10 Security Update : opera (opera-4858)
2008-01-08 00:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2007-12-30 00:00:00
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00
securityvulns
securityvulns
Opera browser multiple security vulnerabilities
2008-01-02 00:00:00
Mozilla Foundation Security Advisory 2008-07
2008-02-27 00:00:00
Mozilla Firefox / Opera information leak
2008-02-27 00:00:00
suse
suse
remote code execution in opera
2008-01-07 17:35:59
mozilla
mozilla
Possible information disclosure in BMP decoder — Mozilla
2008-02-19 00:00:00
cve
cve
CVE-2008-0420
2008-02-12 03:00:00
CVE-2008-0894
2008-02-21 21:44:00
ubuntu
ubuntu
Thunderbird regression
2008-03-06 00:00:00
Thunderbird vulnerabilities
2008-02-29 00:00:00
Firefox vulnerabilities
2008-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.12-1.fc8
2008-02-28 21:38:54
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.12-1.fc7
2008-02-28 21:46:05
oraclelinux
oraclelinux
Moderate: thunderbird security update
2008-02-08 00:00:00
Critical: firefox security update
2008-02-08 00:00:00
Critical: seamonkey security update
2008-02-08 00:00:00
redhat
redhat
(RHSA-2008:0105) Critical: thunderbird security update
2008-02-07 00:00:00
(RHSA-2008:0103) Critical: firefox security update
2008-02-07 00:00:00
(RHSA-2008:0104) Critical: seamonkey security update
2008-02-07 00:00:00
centos
centos
thunderbird security update
2008-02-08 19:19:22
firefox security update
2008-02-08 19:18:05
seamonkey security update
2008-02-08 19:04:30
osv
osv
xulrunner - several vulnerabilities
2008-02-10 00:00:00
iceape
2008-03-28 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.115
Percentile
95.4%
Related for CVE-2007-6524