Vulnerability Name: | CVE-2007-3929 (CCN-35509) | ||||||||
Assigned: | 2007-07-19 | ||||||||
Published: | 2007-07-19 | ||||||||
Updated: | 2022-02-26 | ||||||||
Summary: | Use-after-free vulnerability in the BitTorrent support in Opera before 9.22 allows user-assisted remote attackers to execute arbitrary code via a crafted header in a torrent file, which leaves a dangling pointer to an invalid object. | ||||||||
CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-416 | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2007-3929 Source: IDEFENSE Type: Broken Link, Vendor Advisory 20070719 Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability Source: CCN Type: SA26138 Opera BitTorrent Header Parsing Vulnerability Source: SECUNIA Type: Broken Link, Patch 26138 Source: SECUNIA Type: Broken Link 26545 Source: GENTOO Type: Third Party Advisory GLSA-200708-17 Source: CCN Type: SECTRACK ID: 1018431 Opera BitTorrent Processing Bug Lets Remote Users Execute Arbitrary Code Source: CCN Type: GLSA-200708-17 Opera: Multiple vulnerabilities Source: SUSE Type: Broken Link SUSE-SR:2007:015 Source: CCN Type: Opera Web site Opera browser: Homepage Source: CONFIRM Type: Broken Link, Patch, Vendor Advisory http://www.opera.com/support/search/view/862/ Source: CCN Type: OSVDB ID: 38123 Opera BitTorrent File Header Parsing Use-after-free Arbitrary Code Execution Source: BID Type: Broken Link, Third Party Advisory, VDB Entry 24970 Source: CCN Type: BID-24970 Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability Source: SECTRACK Type: Broken Link, Third Party Advisory, VDB Entry 1018431 Source: VUPEN Type: Broken Link ADV-2007-2584 Source: XF Type: Third Party Advisory, VDB Entry opera-bittorrent-code-execution(35509) Source: XF Type: UNKNOWN opera-bittorrent-code-execution(35509) Source: CCN Type: iDefense Labs PUBLIC ADVISORY: 07.19.07 Opera Software Opera Web Browser BitTorrent Dangling Pointer Vulnerability Source: SUSE Type: SUSE-SR:2007:015 SUSE Security Summary Report | ||||||||
Vulnerable Configuration: | Configuration 1:![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |