Lucene search
HistoryDec 24, 2007 - 8:46 p.m.
CVE-2007-6524
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.115
Percentile
95.4%
Opera before 9.25 allows remote attackers to obtain potentially sensitive memory contents via a crafted bitmap (BMP) file, as demonstrated using a CANVAS element and JavaScript in an HTML document for copying these contents from 9.50 beta, a related issue to CVE-2008-0420.
Affected configurations
Node
operaopera_browserRange≤9.24
ORoperaopera_browserMatch5.0
ORoperaopera_browserMatch5.0beta2
ORoperaopera_browserMatch5.0beta3
ORoperaopera_browserMatch5.0beta4
ORoperaopera_browserMatch5.0beta5
ORoperaopera_browserMatch5.0beta6
ORoperaopera_browserMatch5.0beta7
ORoperaopera_browserMatch5.0beta8
ORoperaopera_browserMatch5.02
ORoperaopera_browserMatch5.10
ORoperaopera_browserMatch5.11
ORoperaopera_browserMatch5.12
ORoperaopera_browserMatch6.0
ORoperaopera_browserMatch6.0beta1
ORoperaopera_browserMatch6.0beta2
ORoperaopera_browserMatch6.0tp1
ORoperaopera_browserMatch6.0tp2
ORoperaopera_browserMatch6.0tp3
ORoperaopera_browserMatch6.1
ORoperaopera_browserMatch6.01
ORoperaopera_browserMatch6.1beta1
ORoperaopera_browserMatch6.02
ORoperaopera_browserMatch6.03
ORoperaopera_browserMatch6.04
ORoperaopera_browserMatch6.05
ORoperaopera_browserMatch6.06
ORoperaopera_browserMatch6.11
ORoperaopera_browserMatch6.12
ORoperaopera_browserMatch7.0
ORoperaopera_browserMatch7.0beta1
ORoperaopera_browserMatch7.0beta1_v2
ORoperaopera_browserMatch7.0beta2
ORoperaopera_browserMatch7.01
ORoperaopera_browserMatch7.02
ORoperaopera_browserMatch7.03
ORoperaopera_browserMatch7.10
ORoperaopera_browserMatch7.10beta1
ORoperaopera_browserMatch7.11
ORoperaopera_browserMatch7.11beta2
ORoperaopera_browserMatch7.20
ORoperaopera_browserMatch7.20beta7
ORoperaopera_browserMatch7.21
ORoperaopera_browserMatch7.22
ORoperaopera_browserMatch7.23
ORoperaopera_browserMatch7.50
ORoperaopera_browserMatch7.50beta1
ORoperaopera_browserMatch7.51
ORoperaopera_browserMatch7.52
ORoperaopera_browserMatch7.53
ORoperaopera_browserMatch7.54
ORoperaopera_browserMatch7.54update1
ORoperaopera_browserMatch7.54update2
ORoperaopera_browserMatch7.60
ORoperaopera_browserMatch8.0
ORoperaopera_browserMatch8.0beta1
ORoperaopera_browserMatch8.0beta2
ORoperaopera_browserMatch8.0beta3
ORoperaopera_browserMatch8.01
ORoperaopera_browserMatch8.02
ORoperaopera_browserMatch8.50
ORoperaopera_browserMatch8.51
ORoperaopera_browserMatch8.52
ORoperaopera_browserMatch8.53
ORoperaopera_browserMatch8.54
ORoperaopera_browserMatch9.0
ORoperaopera_browserMatch9.0beta1
ORoperaopera_browserMatch9.0beta2
ORoperaopera_browserMatch9.01
ORoperaopera_browserMatch9.02
ORoperaopera_browserMatch9.10
ORoperaopera_browserMatch9.12
ORoperaopera_browserMatch9.20
ORoperaopera_browserMatch9.20beta1
ORoperaopera_browserMatch9.21
ORoperaopera_browserMatch9.22
ORoperaopera_browserMatch9.23
| Vendor | Product | Version | CPE |
|---|---|---|---|
| opera | opera_browser | * | cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:*:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta2:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta3:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta4:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta5:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta6:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta7:*:*:*:*:*:* |
| opera | opera_browser | 5.0 | cpe:2.3:a:opera:opera_browser:5.0:beta8:*:*:*:*:*:* |
| opera | opera_browser | 5.02 | cpe:2.3:a:opera:opera_browser:5.02:*:*:*:*:*:*:* |
References
bugs.gentoo.org/show_bug.cgi?id=202770
lists.opensuse.org/opensuse-security-announce/2008-01/msg00001.html
osvdb.org/42691
secunia.com/advisories/28169
secunia.com/advisories/28290
secunia.com/advisories/28314
security.gentoo.org/glsa/glsa-200712-22.xml
securitytracker.com/id?1019435
www.opera.com/docs/changelogs/linux/925/
www.opera.com/docs/changelogs/windows/925/
www.opera.com/support/search/view/876/
www.securityfocus.com/archive/1/488264/100/0/threaded
www.securityfocus.com/bid/26937
www.securitytracker.com/id?1019131
www.vupen.com/english/advisories/2007/4261
bugzilla.mozilla.org/show_bug.cgi?id=408076
exchange.xforce.ibmcloud.com/vulnerabilities/39163
Related
prion
prion
Design/Logic Flaw
2007-12-24 20:46:00
Out-of-bounds
2008-02-12 03:00:00
Design/Logic Flaw
2008-02-21 21:44:00
ubuntucve
ubuntucve
CVE-2007-6524
2007-12-24 00:00:00
CVE-2008-0420
2008-02-12 00:00:00
cvelist
cvelist
cve
cve
nvd
nvd
CVE-2008-0420
2008-02-12 03:00:00
CVE-2008-0894
2008-02-21 21:44:00
seebug
seebug
Opera Web浏览器9.25版本修复多个漏洞
2008-05-30 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2008-07
2008-02-27 00:00:00
Mozilla Firefox / Opera information leak
2008-02-27 00:00:00
Opera browser multiple security vulnerabilities
2008-01-02 00:00:00
mozilla
mozilla
Possible information disclosure in BMP decoder — Mozilla
2008-02-19 00:00:00
nessus
nessus
FreeBSD : opera -- multiple vulnerabilities (31b045e7-ae75-11dc-a5f9-001a4d49522b)
2007-12-24 00:00:00
GLSA-200712-22 : Opera: Multiple vulnerabilities
2007-12-31 00:00:00
openSUSE 10 Security Update : opera (opera-4858)
2008-01-08 00:00:00
freebsd
freebsd
opera -- multiple vulnerabilities
2007-12-19 00:00:00
mozilla -- multiple vulnerabilities
2008-02-07 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200712-22 (opera)
2008-09-24 00:00:00
FreeBSD Ports: opera, opera-devel, linux-opera
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200712-22 (opera)
2008-09-24 00:00:00
gentoo
gentoo
Opera: Multiple vulnerabilities
2007-12-30 00:00:00
Mozilla products: Multiple vulnerabilities
2008-05-20 00:00:00
suse
suse
remote code execution in opera
2008-01-07 17:35:59
ubuntu
ubuntu
Thunderbird regression
2008-03-06 00:00:00
Thunderbird vulnerabilities
2008-02-29 00:00:00
Firefox vulnerabilities
2008-02-08 00:00:00
fedora
fedora
[SECURITY] Fedora 8 Update: thunderbird-2.0.0.12-1.fc8
2008-02-28 21:38:54
[SECURITY] Fedora 7 Update: thunderbird-2.0.0.12-1.fc7
2008-02-28 21:46:05
oraclelinux
oraclelinux
Moderate: thunderbird security update
2008-02-08 00:00:00
Critical: firefox security update
2008-02-08 00:00:00
Critical: seamonkey security update
2008-02-08 00:00:00
centos
centos
thunderbird security update
2008-02-08 19:19:22
firefox security update
2008-02-08 19:18:05
seamonkey security update
2008-02-08 19:04:30
redhat
redhat
(RHSA-2008:0105) Critical: thunderbird security update
2008-02-07 00:00:00
(RHSA-2008:0103) Critical: firefox security update
2008-02-07 00:00:00
(RHSA-2008:0104) Critical: seamonkey security update
2008-02-07 00:00:00
osv
osv
xulrunner - several vulnerabilities
2008-02-10 00:00:00
iceape
2008-03-28 00:00:00
CVSS2
7.8
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
6
Confidence
Low
EPSS
0.115
Percentile
95.4%
Related for NVD:CVE-2007-6524