CVE-2008-4197
Gentoo Linux Security Advisory 200811-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
Opera anterior a v9.52 en Windows, Linux, FreeBSD y Solaris. Cuando se procesan accesos directos y comandos de menú habitualmente utilizados, puede producir cadenas de argumentos que contienen memoria no inicializada, lo cual puede permitir a atacantes remotos con la ayuda del usuario local ejecutar código de su elección o conducir otros ataques a través de vectores relacionados con la activación de un acceso directo.
Multiple vulnerabilities have been discovered in Opera, allowing for the execution of arbitrary code. Versions below 9.62 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-09-23 CVE Reserved
- 2008-09-27 CVE Published
- 2024-08-07 CVE Updated
- 2025-06-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-908: Use of Uninitialized Resource
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=235298 | Issue Tracking | |
| http://www.openwall.com/lists/oss-security/2008/09/19/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2008/09/24/4 | Mailing List |
|
| http://www.opera.com/docs/changelogs/freebsd/952 | Broken Link | |
| http://www.opera.com/docs/changelogs/linux/952 | Broken Link | |
| http://www.opera.com/docs/changelogs/solaris/952 | Broken Link | |
| http://www.opera.com/docs/changelogs/windows/952 | Broken Link | |
| http://www.opera.com/support/search/view/894 | Broken Link | |
| http://www.securityfocus.com/bid/30768 | Broken Link | |
| http://www.securitytracker.com/id?1020720 | Broken Link | |
| http://www.vupen.com/english/advisories/2008/2416 | Broken Link | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/44552 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/31549 | 2024-02-15 | |
| http://secunia.com/advisories/32538 | 2024-02-15 | |
| http://security.gentoo.org/glsa/glsa-200811-01.xml | 2024-02-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opera Search vendor "Opera" | Opera Browser Search vendor "Opera" for product "Opera Browser" | < 9.52 Search vendor "Opera" for product "Opera Browser" and version " < 9.52" | - |
Affected
| in | Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | - | - |
Safe
|
| Opera Search vendor "Opera" | Opera Browser Search vendor "Opera" for product "Opera Browser" | < 9.52 Search vendor "Opera" for product "Opera Browser" and version " < 9.52" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Opera Search vendor "Opera" | Opera Browser Search vendor "Opera" for product "Opera Browser" | < 9.52 Search vendor "Opera" for product "Opera Browser" and version " < 9.52" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Opera Search vendor "Opera" | Opera Browser Search vendor "Opera" for product "Opera Browser" | < 9.52 Search vendor "Opera" for product "Opera Browser" and version " < 9.52" | - |
Affected
| in | Oracle Search vendor "Oracle" | Solaris Search vendor "Oracle" for product "Solaris" | - | - |
Safe
|