Sid 1-49115

Message

BROWSER-OTHER Opera GIF parsing buffer overflow attempt

Summary

This event is generated when an attacker attempts to exploit a buffer overflow vulnerability in Opera.

Impact

Attempted User Privilege Gain

CVE-2012-6470:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

This rule checks for attempts to exploit a buffer overflow vulnerability in Opera. CVE-2012-6470: Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

Affected systems

  • opera opera_browser 1.00
  • opera opera_browser 2.00
  • opera opera_browser 2.10
  • opera opera_browser 2.12
  • opera opera_browser 3.00
  • opera opera_browser 3.10
  • opera opera_browser 3.21
  • opera opera_browser 3.50
  • opera opera_browser 3.51
  • opera opera_browser 3.60
  • opera opera_browser 3.61
  • opera opera_browser 3.62
  • opera opera_browser 4.00
  • opera opera_browser 4.01
  • opera opera_browser 4.02
  • opera opera_browser 5.0
  • opera opera_browser 5.02
  • opera opera_browser 5.10
  • opera opera_browser 5.11
  • opera opera_browser 5.12
  • opera opera_browser 6.0
  • opera opera_browser 6.01
  • opera opera_browser 6.1
  • opera opera_browser 6.02
  • opera opera_browser 6.03
  • opera opera_browser 6.04
  • opera opera_browser 6.05
  • opera opera_browser 6.06
  • opera opera_browser 6.11
  • opera opera_browser 6.12
  • opera opera_browser 7.0
  • opera opera_browser 7.01
  • opera opera_browser 7.02
  • opera opera_browser 7.03
  • opera opera_browser 7.10
  • opera opera_browser 7.11
  • opera opera_browser 7.20
  • opera opera_browser 7.21
  • opera opera_browser 7.22
  • opera opera_browser 7.23
  • opera opera_browser 7.50
  • opera opera_browser 7.51
  • opera opera_browser 7.52
  • opera opera_browser 7.53
  • opera opera_browser 7.54
  • opera opera_browser 7.60
  • opera opera_browser 8.0
  • opera opera_browser 8.01
  • opera opera_browser 8.02
  • opera opera_browser 8.50
  • opera opera_browser 8.51
  • opera opera_browser 8.52
  • opera opera_browser 8.53
  • opera opera_browser 8.54
  • opera opera_browser 9.0
  • opera opera_browser 9.01
  • opera opera_browser 9.02
  • opera opera_browser 9.10
  • opera opera_browser 9.12
  • opera opera_browser 9.20
  • opera opera_browser 9.21
  • opera opera_browser 9.22
  • opera opera_browser 9.23
  • opera opera_browser 9.24
  • opera opera_browser 9.25
  • opera opera_browser 9.26
  • opera opera_browser 9.27
  • opera opera_browser 9.50
  • opera opera_browser 9.51
  • opera opera_browser 9.52
  • opera opera_browser 9.60
  • opera opera_browser 9.61
  • opera opera_browser 9.62
  • opera opera_browser 9.63
  • opera opera_browser 9.64
  • opera opera_browser 10.00
  • opera opera_browser 10.01
  • opera opera_browser 10.10
  • opera opera_browser 10.11
  • opera opera_browser 10.20
  • opera opera_browser 10.50
  • opera opera_browser 10.51
  • opera opera_browser 10.52
  • opera opera_browser 10.53
  • opera opera_browser 10.54
  • opera opera_browser 10.60
  • opera opera_browser 10.61
  • opera opera_browser 10.62
  • opera opera_browser 10.63
  • opera opera_browser 11.00
  • opera opera_browser 11.01
  • opera opera_browser 11.10
  • opera opera_browser 11.11
  • opera opera_browser 11.50
  • opera opera_browser 11.51
  • opera opera_browser 11.52
  • opera opera_browser 11.52.1100
  • opera opera_browser 11.60
  • opera opera_browser 11.61
  • opera opera_browser 11.62
  • opera opera_browser 11.64
  • opera opera_browser 11.65
  • opera opera_browser 11.66
  • opera opera_browser 12.00
  • opera opera_browser 12.01
  • opera opera_browser 12.02
  • opera opera_browser 12.10
  • opera opera_browser 12.11

Ease of attack

CVE-2012-6470:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

Not known

False negatives

Not known

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References