Sid 1-49115
Message
BROWSER-OTHER Opera GIF parsing buffer overflow attempt
Summary
This event is generated when an attacker attempts to exploit a buffer overflow vulnerability in Opera.
Impact
Attempted User Privilege Gain
CVE-2012-6470:
CVSS base score 9.3
CVSS impact score 10.0
CVSS exploitability score 8.6
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Detailed information
Rule checks for attempts to exploit a buffer overflow vulnerability in Opera.
CVE-2012-6470: Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
Affected systems
- opera opera_browser 1.00
- opera opera_browser 2.00
- opera opera_browser 2.10
- opera opera_browser 2.12
- opera opera_browser 3.00
- opera opera_browser 3.10
- opera opera_browser 3.21
- opera opera_browser 3.50
- opera opera_browser 3.51
- opera opera_browser 3.60
- opera opera_browser 3.61
- opera opera_browser 3.62
- opera opera_browser 4.00
- opera opera_browser 4.01
- opera opera_browser 4.02
- opera opera_browser 5.0
- opera opera_browser 5.02
- opera opera_browser 5.10
- opera opera_browser 5.11
- opera opera_browser 5.12
- opera opera_browser 6.0
- opera opera_browser 6.01
- opera opera_browser 6.1
- opera opera_browser 6.02
- opera opera_browser 6.03
- opera opera_browser 6.04
- opera opera_browser 6.05
- opera opera_browser 6.06
- opera opera_browser 6.11
- opera opera_browser 6.12
- opera opera_browser 7.0
- opera opera_browser 7.01
- opera opera_browser 7.02
- opera opera_browser 7.03
- opera opera_browser 7.10
- opera opera_browser 7.11
- opera opera_browser 7.20
- opera opera_browser 7.21
- opera opera_browser 7.22
- opera opera_browser 7.23
- opera opera_browser 7.50
- opera opera_browser 7.51
- opera opera_browser 7.52
- opera opera_browser 7.53
- opera opera_browser 7.54
- opera opera_browser 7.60
- opera opera_browser 8.0
- opera opera_browser 8.01
- opera opera_browser 8.02
- opera opera_browser 8.50
- opera opera_browser 8.51
- opera opera_browser 8.52
- opera opera_browser 8.53
- opera opera_browser 8.54
- opera opera_browser 9.0
- opera opera_browser 9.01
- opera opera_browser 9.02
- opera opera_browser 9.10
- opera opera_browser 9.12
- opera opera_browser 9.20
- opera opera_browser 9.21
- opera opera_browser 9.22
- opera opera_browser 9.23
- opera opera_browser 9.24
- opera opera_browser 9.25
- opera opera_browser 9.26
- opera opera_browser 9.27
- opera opera_browser 9.50
- opera opera_browser 9.51
- opera opera_browser 9.52
- opera opera_browser 9.60
- opera opera_browser 9.61
- opera opera_browser 9.62
- opera opera_browser 9.63
- opera opera_browser 9.64
- opera opera_browser 10.00
- opera opera_browser 10.01
- opera opera_browser 10.10
- opera opera_browser 10.11
- opera opera_browser 10.20
- opera opera_browser 10.50
- opera opera_browser 10.51
- opera opera_browser 10.52
- opera opera_browser 10.53
- opera opera_browser 10.54
- opera opera_browser 10.60
- opera opera_browser 10.61
- opera opera_browser 10.62
- opera opera_browser 10.63
- opera opera_browser 11.00
- opera opera_browser 11.01
- opera opera_browser 11.10
- opera opera_browser 11.11
- opera opera_browser 11.50
- opera opera_browser 11.51
- opera opera_browser 11.52
- opera opera_browser 11.52.1100
- opera opera_browser 11.60
- opera opera_browser 11.61
- opera opera_browser 11.62
- opera opera_browser 11.64
- opera opera_browser 11.65
- opera opera_browser 11.66
- opera opera_browser 12.00
- opera opera_browser 12.01
- opera opera_browser 12.02
- opera opera_browser 12.10
- opera opera_browser 12.11
Ease of attack
CVE-2012-6470:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
False positives
Not known
False negatives
Not known
Corrective action
Contributors
- Cisco Talos Intelligence Group
Additional References
