OSVDB ID: 31575

Title: Opera JavaScript createSVGTransformFromMatrix Request Arbitrary Code Exeution

Info

Disclosure

Jan 05, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jan 05, 2007

Description

Classification

Location: Remote / Network Access, Context Dependent
Impact: Loss of Integrity
Solution: Workaround, Upgrade
Exploit: Exploit Private
Disclosure: Vendor Verified, Coordinated Disclosure

Solution

Upgrade to version 9.10 or higher, as it has been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: Disable JavaScript.

Products

Unknown or Incomplete

References

Security Tracker: 1017473
CVE ID: 2007-0127 (see also: NVD)
Secunia Advisory ID: 23613 23739 23771
Related OSVDB ID: 31574
VUPEN Advisory: ADV-2007-0060
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0150.html
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html
http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml
http://www.opera.com/support/search/supsearch.dml?index=851
Vendor Specific Solution URL: http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml
Vendor Specific News/Changelog Entry: http://www.opera.com/support/search/supsearch.dml?index=851

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/31575