Vulnerability Name:

CVE-2007-5540 (CCN-37427)

Assigned:2007-10-17
Published:2007-10-17
Updated:2012-06-07
Summary:Unspecified vulnerability in Opera before 9.24 allows remote attackers to overwrite functions on pages from other domains and bypass the same-origin policy via unknown vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-20
Vulnerability Consequences:Bypass Security
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=196164

Source: MITRE
Type: CNA
CVE-2007-5540

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:022

Source: OSVDB
Type: UNKNOWN
38127

Source: CCN
Type: SA27277
Opera Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27277

Source: SECUNIA
Type: UNKNOWN
27399

Source: SECUNIA
Type: UNKNOWN
27431

Source: GENTOO
Type: UNKNOWN
GLSA-200710-31

Source: CCN
Type: GLSA-200710-31
Opera: Multiple vulnerabilities

Source: CCN
Type: Opera Software Knowledge Base Article 867
Advisory: Scripts can overwrite functions on pages from other domains

Source: CONFIRM
Type: UNKNOWN
http://www.opera.com/support/search/view/867/

Source: CCN
Type: OSVDB ID: 38127
Opera Cross Domain Function Overwrite Unspecified Issue

Source: BID
Type: UNKNOWN
26102

Source: CCN
Type: BID-26102
Opera Web Browser Frame Functions Same Origin Policy Bypass Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-3529

Source: XF
Type: UNKNOWN
opera-function-security-bypass(37427)

Source: SUSE
Type: SUSE-SR:2007:022
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opera:opera_browser:1.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.10:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.00:beta:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.60:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.61:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.62:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:3.62:beta:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta4:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta5:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.00:beta6:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:4.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta4:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta5:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta6:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta7:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.0:beta8:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.0:tp3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.1:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.03:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.04:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.05:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.06:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:6.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.03:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.10:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.11:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.11:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.20:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.20:beta7:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.22:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.23:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.50:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.52:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.53:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:update1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.54:update2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:7.60:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.0:beta3:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.51:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.52:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.53:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:8.54:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.02:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.12:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.20:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.20:beta1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.21:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:9.22:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version <= 9.23)

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20075540
    V
    		CVE-2007-5540
    2015-11-16
    BACK
    opera opera browser 1.00
    opera opera browser 2.00
    opera opera browser 2.10
    opera opera browser 2.10 beta1
    opera opera browser 2.10 beta2
    opera opera browser 2.10 beta3
    opera opera browser 2.12
    opera opera browser 3.00
    opera opera browser 3.00 beta
    opera opera browser 3.10
    opera opera browser 3.21
    opera opera browser 3.50
    opera opera browser 3.51
    opera opera browser 3.60
    opera opera browser 3.61
    opera opera browser 3.62
    opera opera browser 3.62 beta
    opera opera browser 4.00
    opera opera browser 4.00 beta2
    opera opera browser 4.00 beta3
    opera opera browser 4.00 beta4
    opera opera browser 4.00 beta5
    opera opera browser 4.00 beta6
    opera opera browser 4.01
    opera opera browser 4.02
    opera opera browser 5.0
    opera opera browser 5.0 beta2
    opera opera browser 5.0 beta3
    opera opera browser 5.0 beta4
    opera opera browser 5.0 beta5
    opera opera browser 5.0 beta6
    opera opera browser 5.0 beta7
    opera opera browser 5.0 beta8
    opera opera browser 5.02
    opera opera browser 5.10
    opera opera browser 5.11
    opera opera browser 5.12
    opera opera browser 6.0
    opera opera browser 6.0 beta1
    opera opera browser 6.0 beta2
    opera opera browser 6.0 tp1
    opera opera browser 6.0 tp2
    opera opera browser 6.0 tp3
    opera opera browser 6.01
    opera opera browser 6.1
    opera opera browser 6.1 beta1
    opera opera browser 6.02
    opera opera browser 6.03
    opera opera browser 6.04
    opera opera browser 6.05
    opera opera browser 6.06
    opera opera browser 6.11
    opera opera browser 6.12
    opera opera browser 7.0
    opera opera browser 7.0 beta1
    opera opera browser 7.0 beta1_v2
    opera opera browser 7.0 beta2
    opera opera browser 7.01
    opera opera browser 7.02
    opera opera browser 7.03
    opera opera browser 7.10
    opera opera browser 7.10 beta1
    opera opera browser 7.11
    opera opera browser 7.11 beta2
    opera opera browser 7.20
    opera opera browser 7.20 beta7
    opera opera browser 7.21
    opera opera browser 7.22
    opera opera browser 7.23
    opera opera browser 7.50
    opera opera browser 7.50 beta1
    opera opera browser 7.51
    opera opera browser 7.52
    opera opera browser 7.53
    opera opera browser 7.54
    opera opera browser 7.54 update1
    opera opera browser 7.54 update2
    opera opera browser 7.60
    opera opera browser 8.0
    opera opera browser 8.0 beta1
    opera opera browser 8.0 beta2
    opera opera browser 8.0 beta3
    opera opera browser 8.01
    opera opera browser 8.02
    opera opera browser 8.50
    opera opera browser 8.51
    opera opera browser 8.52
    opera opera browser 8.53
    opera opera browser 8.54
    opera opera browser 9.0
    opera opera browser 9.0 beta1
    opera opera browser 9.0 beta2
    opera opera browser 9.01
    opera opera browser 9.02
    opera opera browser 9.10
    opera opera browser 9.12
    opera opera browser 9.20
    opera opera browser 9.20 beta1
    opera opera browser 9.21
    opera opera browser 9.22
    opera opera browser *