cvelistv5 - cve-2007-0127

CVE-2007-0127 (GCVE-0-2007-0127)

Vulnerability from cvelistv5

Published

2007-01-09 02:00

Modified

2024-08-07 12:03

Severity ?

CWE

Summary

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

References

URL

Tags

	http://osvdb.org/31575	vdb-entry, x_refsource_OSVDB
	http://www.opera.com/support/search/supsearch.dml?index=851	x_refsource_CONFIRM
	http://securitytracker.com/id?1017473	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/23613	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2007/0060	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/23739	third-party-advisory, x_refsource_SECUNIA
	http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml	vendor-advisory, x_refsource_GENTOO
	http://secunia.com/advisories/23771	third-party-advisory, x_refsource_SECUNIA
	http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html	vendor-advisory, x_refsource_SUSE
	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458	third-party-advisory, x_refsource_IDEFENSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:03:37.464Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31575",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/31575"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.opera.com/support/search/supsearch.dml?index=851"
          },
          {
            "name": "1017473",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017473"
          },
          {
            "name": "23613",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23613"
          },
          {
            "name": "ADV-2007-0060",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0060"
          },
          {
            "name": "23739",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23739"
          },
          {
            "name": "GLSA-200701-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml"
          },
          {
            "name": "23771",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23771"
          },
          {
            "name": "SUSE-SA:2007:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html"
          },
          {
            "name": "20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-01-12T10:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31575",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/31575"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.opera.com/support/search/supsearch.dml?index=851"
        },
        {
          "name": "1017473",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017473"
        },
        {
          "name": "23613",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23613"
        },
        {
          "name": "ADV-2007-0060",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0060"
        },
        {
          "name": "23739",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23739"
        },
        {
          "name": "GLSA-200701-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml"
        },
        {
          "name": "23771",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23771"
        },
        {
          "name": "SUSE-SA:2007:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html"
        },
        {
          "name": "20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0127",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31575",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/31575"
            },
            {
              "name": "http://www.opera.com/support/search/supsearch.dml?index=851",
              "refsource": "CONFIRM",
              "url": "http://www.opera.com/support/search/supsearch.dml?index=851"
            },
            {
              "name": "1017473",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017473"
            },
            {
              "name": "23613",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23613"
            },
            {
              "name": "ADV-2007-0060",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0060"
            },
            {
              "name": "23739",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23739"
            },
            {
              "name": "GLSA-200701-08",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200701-08.xml"
            },
            {
              "name": "23771",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23771"
            },
            {
              "name": "SUSE-SA:2007:009",
              "refsource": "SUSE",
              "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html"
            },
            {
              "name": "20070105 Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0127",
    "datePublished": "2007-01-09T02:00:00.000Z",
    "dateReserved": "2007-01-08T00:00:00.000Z",
    "dateUpdated": "2024-08-07T12:03:37.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-013

Vulnerability from certfr_avis

None

Description

Deux vulnérabilités ont été identifiées dans le navigateur Web Opera.

La première concerne la manipulation par le navigateur des images au format JPG (pour Joint Photographic Experts Group). Il n'interpréterait pas correctement le marqueur DHT (Define Huffman Table(s)) d'une image, servant à la compression (ou décompression) de celle-ci. Un site compromis pourrait donc contenir sur une page une image JPG spécialement construite. La visite de cette page provoquerait sur le poste du visiteur un mauvais fonctionnement du navigateur, voire une exécution de code arbitraire.

La seconde concerne la manipulation par le navigateur des images au format SVG (pour Scalable Vector Graphics). Il ne vérifierait pas le paramètre passé à la fonction Javavascript createSVGTransformFromMatrix. Un site compromis pourrait donc contenir sur une page une image SVG spécialement construite. La visite de cette page via un navigateur ayant Javascript activé provoquerait sur le poste du visiteur l'exécution de code arbitraire avec les droits de ce dernier.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions du navigateur Opera antérieures à la 9.10.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Avis de sécurité Opera Software du 05 janvier 2007	None	vendor-advisory
Bulletin de sécurité Suse SUSE-SA:2007:009 du 15 janvier 2007 :	-	other
Documentation concernant le format JPEG en français :	-	other
Bulletin de sécurité Gentoo GLSA 200701-08 du 12 janvier 2007 :	-	other
Avis de sécurité 457 d'iDefense du 05 janvier 2007 :	-	other
Avis de sécurité Opera Software 851 du 05 janvier 2007 :	-	other
Avis de sécurité 458 d'iDefense du 05 janvier 2007 :	-	other
Avis de sécurité Opera Software 852 du 05 janvier 2007 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions du navigateur Opera ant\u00e9rieures \u00e0 la 9.10.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur Web Opera.\n\nLa premi\u00e8re concerne la manipulation par le navigateur des images au\nformat JPG (pour Joint Photographic Experts Group). Il n\u0027interpr\u00e9terait\npas correctement le marqueur DHT (Define Huffman Table(s)) d\u0027une image,\nservant \u00e0 la compression (ou d\u00e9compression) de celle-ci. Un site\ncompromis pourrait donc contenir sur une page une image JPG sp\u00e9cialement\nconstruite. La visite de cette page provoquerait sur le poste du\nvisiteur un mauvais fonctionnement du navigateur, voire une ex\u00e9cution de\ncode arbitraire.\n\nLa seconde concerne la manipulation par le navigateur des images au\nformat SVG (pour Scalable Vector Graphics). Il ne v\u00e9rifierait pas le\nparam\u00e8tre pass\u00e9 \u00e0 la fonction Javavascript createSVGTransformFromMatrix.\nUn site compromis pourrait donc contenir sur une page une image SVG\nsp\u00e9cialement construite. La visite de cette page via un navigateur ayant\nJavascript activ\u00e9 provoquerait sur le poste du visiteur l\u0027ex\u00e9cution de\ncode arbitraire avec les droits de ce dernier.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0126"
    },
    {
      "name": "CVE-2007-0127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0127"
    }
  ],
  "initial_release_date": "2007-01-09T00:00:00",
  "last_revision_date": "2007-01-23T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Suse SUSE-SA:2007:009 du 15 janvier    2007 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html"
    },
    {
      "title": "Documentation concernant le format JPEG en fran\u00e7ais :",
      "url": "https://kessel.ordrejedis.net/~neo/mathsIPrInfo.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 200701-08 du 12 janvier    2007 :",
      "url": "http://security.gentoo.org/glsa-200701-08.xml"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 457 d\u0027iDefense du 05 janvier 2007 :",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Opera Software 851 du 05 janvier 2007 :",
      "url": "http://www.opera.com/support/search/supsearch.dml?index=851"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 458 d\u0027iDefense du 05 janvier 2007 :",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Opera Software 852 du 05 janvier 2007 :",
      "url": "http://www.opera.com/support/search/supsearch.dml?index=852"
    }
  ],
  "reference": "CERTA-2007-AVI-013",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-09T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE, Gentoo et Suse.",
      "revision_date": "2007-01-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Plusieurs vuln\u00e9rabilit\u00e9s dans le navigateur Opera",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 Opera Software du 05 janvier 2007",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0127 (GCVE-0-2007-0127)

Vulnerability from cvelistv5

CERTA-2007-AVI-013

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature