Kaspersky Threats

Дата обнаружения

30/10/2019

Уровень угрозы

High

Описание

Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service.

Below is a complete list of vulnerabilities:

Cross-origin data leak vulnerability can be exploited to arbitrary code execution;
Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing;
URL spoof vulnerability in navigation can be exploited to arbitrary code execution;
Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution;
Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information;
File download protection bypass vulnerability can be exploited to arbitrary code execution;
Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution;
Use-after-free vulnerability in media can be exploited to arbitrary code execution;
IDN spoof vulnerability can be exploited to arbitrary code execution;
CSP bypass vulnerability can be exploited to arbitrary code execution;
CSS injection vulnerability can be exploited to arbitrary code execution;
Cross-context information leak vulnerability can be exploited to arbitrary code execution;
Extension permission bypass vulnerability can be exploited to arbitrary code execution;
Service worker state error vulnerability can be exploited to arbitrary code execution;
Address bar spoofing vulnerability can be exploited to arbitrary code execution;
Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service;
File storage disclosure vulnerability can be exploited to arbitrary code execution;
URL bar spoofing vulnerability can be exploited to arbitrary code execution;
Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution;
HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;

Пораженные продукты

Opera erlier than 65.0.3467.24

Решение

Update to the latest version
Download Opera

Первичный источник обнаружения

Changelog for Opera 65
Stable Channel Update for Desktop

Оказываемое влияние

?

ACE

[?]

DoS

[?]

SUI

[?]

Связанные продукты

Opera

CVE-IDS

Дата обнаружения	30/10/2019
Уровень угрозы	High
Описание	Multiple vulnerabilities were found in Opera. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: Cross-origin data leak vulnerability can be exploited to arbitrary code execution; Security UI vulnerability in full screen mode can be exploited remotely via a crafted web page to perform domain spoofing; URL spoof vulnerability in navigation can be exploited to arbitrary code execution; Out-of-bounds read vulnerability in PDFium can be exploited to arbitrary code execution; Unspecified vulnerability in libexpat can be exploited remotely via specially designed XML-file to obtain sensitive information; File download protection bypass vulnerability can be exploited to arbitrary code execution; Privilege elevation vulnerability in Installer can be exploited to arbitrary code execution; Use-after-free vulnerability in media can be exploited to arbitrary code execution; IDN spoof vulnerability can be exploited to arbitrary code execution; CSP bypass vulnerability can be exploited to arbitrary code execution; CSS injection vulnerability can be exploited to arbitrary code execution; Cross-context information leak vulnerability can be exploited to arbitrary code execution; Extension permission bypass vulnerability can be exploited to arbitrary code execution; Service worker state error vulnerability can be exploited to arbitrary code execution; Address bar spoofing vulnerability can be exploited to arbitrary code execution; Use after free vulnerability in content delivery manager can be exploited remotely via a crafted web page to potentially cause denial of service; File storage disclosure vulnerability can be exploited to arbitrary code execution; URL bar spoofing vulnerability can be exploited to arbitrary code execution; Buffer overrun vulnerability in Blink can be exploited to arbitrary code execution; HTTP authentication spoof vulnerability can be exploited to arbitrary code execution;
Пораженные продукты	Opera erlier than 65.0.3467.24
Решение	Update to the latest version Download Opera
Первичный источник обнаружения	Changelog for Opera 65 Stable Channel Update for Desktop
Оказываемое влияние ?	ACE [?] DoS [?] SUI [?]
Связанные продукты	Opera
CVE-IDS	CVE-2019-136990.0Unknown CVE-2019-137000.0Unknown CVE-2019-137010.0Unknown CVE-2019-137020.0Unknown CVE-2019-137030.0Unknown CVE-2019-137040.0Unknown CVE-2019-137050.0Unknown CVE-2019-137060.0Unknown CVE-2019-137070.0Unknown CVE-2019-137080.0Unknown CVE-2019-137090.0Unknown CVE-2019-137100.0Unknown CVE-2019-137110.0Unknown CVE-2019-159030.0Unknown CVE-2019-137130.0Unknown CVE-2019-137140.0Unknown CVE-2019-137150.0Unknown CVE-2019-137160.0Unknown CVE-2019-137170.0Unknown CVE-2019-137180.0Unknown CVE-2019-137190.0Unknown CVE-2019-137650.0Unknown