Vulnerability Name:

CVE-2010-1349 (CCN-56673)

Assigned:2010-03-03
Published:2010-03-03
Updated:2017-08-17
Summary:Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.
Per: http://my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-header-security-issue

'We also determined that the problem only existed in our Windows version. '
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-1349

Source: CONFIRM
Type: Vendor Advisory
http://my.opera.com/securitygroup/blog/2010/03/09/the-malformed-content-length-header-security-issue

Source: OSVDB
Type: UNKNOWN
62714

Source: CCN
Type: SA38820
Opera "Content-Length" Processing Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38820

Source: CCN
Type: SECTRACK ID: 1023690
Opera Integer Overflow in Processing HTTP 'Content-Length' Reponses Lets Remote Users Execute Arbitrary Code

Source: EXPLOIT-DB
Type: Exploit
11622

Source: CCN
Type: Opera Web site
Opera 10.50 Web browser

Source: CONFIRM
Type: Vendor Advisory
http://www.opera.com/support/kb/view/948/

Source: CCN
Type: OSVDB ID: 62714
Opera HTTP Content-Length Header Handling Remote Overflow

Source: BID
Type: Exploit, Patch
38519

Source: CCN
Type: BID-38519
Opera Web Browser 'Content-Length' Header Integer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023690

Source: VUPEN
Type: Patch, Vendor Advisory
ADV-2010-0529

Source: XF
Type: UNKNOWN
opera-contentlength-bo(56673)

Source: XF
Type: UNKNOWN
opera-contentlength-bo(56673)

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-03-2010]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opera:opera_browser:10.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:10.50:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:10.50:beta_1:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:10.50:beta_2:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:opera:opera_browser:10.01:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:10.10:*:*:*:*:*:*:*
  • OR cpe:/a:opera:opera_browser:10.50:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    opera opera browser 10.10
    opera opera browser 10.50
    opera opera browser 10.50 beta_1
    opera opera browser 10.50 beta_2
    microsoft windows *
    opera opera browser 10.01
    opera opera browser 10.10
    opera opera browser 10.50