CVE-2007-0127

Current Description

The JavaScript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

Basic Data

Published: January 09, 2007
Last Modified: March 07, 2011
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-94
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
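    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Opera | Opera Browser | 1.00 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 2.00 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 2.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 2.10 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 2.10 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 2.10 | beta3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 2.12 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.00 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.00 | beta | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.21 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.50 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.51 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.60 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.61 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.62 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 3.62 | beta | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.00 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.00 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.00 | beta3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.00 | beta4 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.00 | beta5 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.00 | beta6 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.01 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 4.02 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | beta3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | beta4 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | beta5 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | beta6 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | beta7 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.0 | beta8 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.02 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 5.12 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.0 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.0 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.0 | tp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.0 | tp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.0 | tp3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.01 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.1 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.02 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.03 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.04 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.05 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.06 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 6.12 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.0 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.0 | beta1_v2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.0 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.01 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.02 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.03 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.10 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.10 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.11 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.11 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.20 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.20 | beta7 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.21 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.22 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.23 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.50 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.50 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.51 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.52 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.53 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.54 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.54 | update1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.54 | update2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 7.60 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.0 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.0 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.0 | beta3 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.01 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.02 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.50 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.51 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.52 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.53 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 8.54 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 9.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 9.0 | beta1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 9.0 | beta2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | 9.01 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Opera | Opera Browser | * | * | * | * | * | * | * | * | | 9.02 | | |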

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Opera | Opera Browser | *, 1.00, 2.00, 2.10, 2.12, 3.00, 3.10, 3.21, 3.50, 3.51, 3.60, 3.61, 3.62, 4.00, 4.01, 4.02, 5.0, 5.02, 5.10, 5.11, 5.12, 6.0, 6.01, 6.02, 6.03, 6.04, 6.05, 6.06, 6.1, 6.11, 6.12, 7.0, 7.01, 7.02, 7.03, 7.10, 7.11, 7.20, 7.21, 7.22, 7.23, 7.50, 7.51, 7.52, 7.53, 7.54, 7.60, 8.0, 8.01, 8.02, 8.50, 8.51, 8.52, 8.53, 8.54, 9.0, 9.01 |

References

| Name | URL | Source | Tags |
|---|---|---|---|
| 20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability | http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458 | IDEFENSE | Patch, Vendor Advisory |
| SUSE-SA:2007:009 | http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html | SUSE | |
| 31575 | http://osvdb.org/31575 | OSVDB | |
| 23613 | http://secunia.com/advisories/23613 | SECUNIA | Patch, Vendor Advisory |
| 23739 | http://secunia.com/advisories/23739 | SECUNIA | Vendor Advisory |
| 23771 | http://secunia.com/advisories/23771 | SECUNIA | Vendor Advisory |
| 1017473 | http://securitytracker.com/id?1017473 | SECTRACK | |
| GLSA-200701-08 | http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml | GENTOO | |
| http://www.opera.com/support/search/supsearch.dml?index=851 | http://www.opera.com/support/search/supsearch.dml?index=851 | CONFIRM | |
| ADV-2007-0060 | http://www.vupen.com/english/advisories/2007/0060 | VUPEN | |