Kaspersky Threats

Дата обнаружения

30/10/2019

Уровень угрозы

High

Описание

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

Cross-origin data leak vulnerability can be exploited to arbitrary code execution;
Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing;
URL spoof vulnerability in navigation can be exploited to arbitrary code execution;
Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution;
Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information;
File download protection bypass vulnerability can be exploited to arbitrary code execution;
Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution;
Use-after-free vulnerability in media can be exploited to arbitrary code execution;
IDN spoof vulnerability can be exploited to arbitrary code execution;
CSP bypass vulnerability can be exploited to arbitrary code execution;
CSS injection vulnerability can be exploited to arbitrary code execution;
Cross-context information leak vulnerability can be exploited to arbitrary code execution;
Extension permission bypass vulnerability can be exploited to arbitrary code execution;
Service worker state error vulnerability can be exploited to arbitrary code execution;
Address bar spoofing vulnerability can be exploited to arbitrary code execution;
Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service;
File storage disclosure vulnerability can be exploited to arbitrary code execution;
URL bar spoofing vulnerability can be exploited to arbitrary code execution;
Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution;
HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;

Пораженные продукты

Opera erlier than 65.0.3467.24

Решение

Update to the latest version
Download Opera

Первичный источник обнаружения

Changelog for Opera 65
Stable Channel Update for Desktop

Оказываемое влияние

?

ACE

[?]

DoS

[?]

SUI

[?]

Связанные продукты

Opera

CVE-IDS

Узнай статистику распространения уязвимостей в твоем регионе

Дата обнаружения	30/10/2019
Уровень угрозы	High
Описание	Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: Cross-origin data leak vulnerability can be exploited to arbitrary code execution; Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing; URL spoof vulnerability in navigation can be exploited to arbitrary code execution; Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution; Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information; File download protection bypass vulnerability can be exploited to arbitrary code execution; Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution; Use-after-free vulnerability in media can be exploited to arbitrary code execution; IDN spoof vulnerability can be exploited to arbitrary code execution; CSP bypass vulnerability can be exploited to arbitrary code execution; CSS injection vulnerability can be exploited to arbitrary code execution; Cross-context information leak vulnerability can be exploited to arbitrary code execution; Extension permission bypass vulnerability can be exploited to arbitrary code execution; Service worker state error vulnerability can be exploited to arbitrary code execution; Address bar spoofing vulnerability can be exploited to arbitrary code execution; Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service; File storage disclosure vulnerability can be exploited to arbitrary code execution; URL bar spoofing vulnerability can be exploited to arbitrary code execution; Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution; HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;
Пораженные продукты	Opera erlier than 65.0.3467.24
Решение	Update to the latest version Download Opera
Первичный источник обнаружения	Changelog for Opera 65 Stable Channel Update for Desktop
Оказываемое влияние ?	ACE [?] DoS [?] SUI [?]
Связанные продукты	Opera
CVE-IDS	CVE-2019-136996.8High CVE-2019-137006.8High CVE-2019-137014.3Warning CVE-2019-137026.8High CVE-2019-137034.3Warning CVE-2019-137044.3Warning CVE-2019-137054.3Warning CVE-2019-137066.8High CVE-2019-137074.3Warning CVE-2019-137084.3Warning CVE-2019-137094.3Warning CVE-2019-137104.3Warning CVE-2019-137115.0Critical CVE-2019-159035.0Critical CVE-2019-137134.3Warning CVE-2019-137144.3Warning CVE-2019-137154.3Warning CVE-2019-137164.3Warning CVE-2019-137174.3Warning CVE-2019-137184.3Warning CVE-2019-137194.3Warning CVE-2019-137654.3Warning
	Узнай статистику распространения уязвимостей в твоем регионе

KLA11714Multiple vulnerabilities in Opera

KLA11714
Multiple vulnerabilities in Opera