Vulnerability Name:

CVE-2007-0127 (CCN-31371)

Assigned:2007-01-05
Published:2007-01-05
Updated:2011-03-07
Summary:The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
CVSS v3 Severity:9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-0127

Source: IDEFENSE
Type: Patch, Vendor Advisory
20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability

Source: SUSE
Type: UNKNOWN
SUSE-SA:2007:009

Source: OSVDB
Type: UNKNOWN
31575

Source: CCN
Type: SA23613
Opera Browser Two Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
23613

Source: SECUNIA
Type: Vendor Advisory
23739

Source: SECUNIA
Type: Vendor Advisory
23771

Source: CCN
Type: SECTRACK ID: 1017473
Opera JPEG DHT Marker Buffer Overflow and createSVGTransformFromMatrix Request Validation Flaw Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017473

Source: CCN
Type: GLSA-200701-08
Opera: Two remote code execution vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200701-08

Source: CCN
Type: Opera Web site
Download Opera Web Browser

Source: CONFIRM
Type: UNKNOWN
http://www.opera.com/support/search/supsearch.dml?index=851

Source: CCN
Type: OSVDB ID: 31575
Opera JavaScript createSVGTransformFromMatrix Request Arbitrary Code Exeution

Source: VUPEN
Type: UNKNOWN
ADV-2007-0060

Source: XF
Type: UNKNOWN
opera-createsvg-code-execution(31371)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 01.05.07
Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability

Source: SUSE
Type: SUSE-SA:2007:009
opera 9.10 security upgrade

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opera:opera_browser:1.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.00:beta:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.60:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.61:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.62:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.62:beta:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.03:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.04:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.05:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.06:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.03:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.20:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.22:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.23:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.52:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.53:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:update1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:update2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.60:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.52:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.53:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.54:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version <= 9.02)

    • Configuration CCN 1:
  • cpe:/a:opera:opera_browser:9.02:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20070127
    V
    		CVE-2007-0127
    2015-11-16
    BACK
    opera opera browser 1.00
    opera opera browser 2.00
    opera opera browser 2.10
    opera opera browser 2.10 beta1
    opera opera browser 2.10 beta2
    opera opera browser 2.10 beta3
    opera opera browser 2.12
    opera opera browser 3.00
    opera opera browser 3.00 beta
    opera opera browser 3.10
    opera opera browser 3.21
    opera opera browser 3.50
    opera opera browser 3.51
    opera opera browser 3.60
    opera opera browser 3.61
    opera opera browser 3.62
    opera opera browser 3.62 beta
    opera opera browser 4.00
    opera opera browser 4.00 beta2
    opera opera browser 4.00 beta3
    opera opera browser 4.00 beta4
    opera opera browser 4.00 beta5
    opera opera browser 4.00 beta6
    opera opera browser 4.01
    opera opera browser 4.02
    opera opera browser 5.0
    opera opera browser 5.0 beta2
    opera opera browser 5.0 beta3
    opera opera browser 5.0 beta4
    opera opera browser 5.0 beta5
    opera opera browser 5.0 beta6
    opera opera browser 5.0 beta7
    opera opera browser 5.0 beta8
    opera opera browser 5.02
    opera opera browser 5.10
    opera opera browser 5.11
    opera opera browser 5.12
    opera opera browser 6.0
    opera opera browser 6.0 beta1
    opera opera browser 6.0 beta2
    opera opera browser 6.0 tp1
    opera opera browser 6.0 tp2
    opera opera browser 6.0 tp3
    opera opera browser 6.01
    opera opera browser 6.1
    opera opera browser 6.1 beta1
    opera opera browser 6.02
    opera opera browser 6.03
    opera opera browser 6.04
    opera opera browser 6.05
    opera opera browser 6.06
    opera opera browser 6.11
    opera opera browser 6.12
    opera opera browser 7.0
    opera opera browser 7.0 beta1
    opera opera browser 7.0 beta1_v2
    opera opera browser 7.0 beta2
    opera opera browser 7.01
    opera opera browser 7.02
    opera opera browser 7.03
    opera opera browser 7.10
    opera opera browser 7.10 beta1
    opera opera browser 7.11
    opera opera browser 7.11 beta2
    opera opera browser 7.20
    opera opera browser 7.20 beta7
    opera opera browser 7.21
    opera opera browser 7.22
    opera opera browser 7.23
    opera opera browser 7.50
    opera opera browser 7.50 beta1
    opera opera browser 7.51
    opera opera browser 7.52
    opera opera browser 7.53
    opera opera browser 7.54
    opera opera browser 7.54 update1
    opera opera browser 7.54 update2
    opera opera browser 7.60
    opera opera browser 8.0
    opera opera browser 8.0 beta1
    opera opera browser 8.0 beta2
    opera opera browser 8.0 beta3
    opera opera browser 8.01
    opera opera browser 8.02
    opera opera browser 8.50
    opera opera browser 8.51
    opera opera browser 8.52
    opera opera browser 8.53
    opera opera browser 8.54
    opera opera browser 9.0
    opera opera browser 9.0 beta1
    opera opera browser 9.0 beta2
    opera opera browser 9.01
    opera opera browser *
    opera opera browser 9.02
    gentoo linux *
    suse suse linux 10.0
    suse suse linux 10.1
    novell opensuse 10.2
    suse suse linux 9.3