Think you have a false positive on this rule?

Sid 1-34170

Message

BROWSER-OTHER Opera SVG use after free memory corruption attempt

Summary

This event is generated when a use after free attempt is detected in Opera.

Impact

Attempted Denial of Service

CVE-2013-1638:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2013-1638: Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

Affected systems

  • opera opera_browser 12.00
  • opera opera_browser 12.01
  • opera opera_browser 12.02
  • opera opera_browser 12.10
  • opera opera_browser 12.11
  • opera opera_browser 12.12

Ease of attack

CVE-2013-1638:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None Known

False negatives

None Known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • osvdb.org/show/osvdb/89614