Opera Web Browser External Applications Arbitrary Code Execution Vulnerability

Bugtraq ID:	26100
Class:	Input Validation Error
CVE:	CVE-2007-5541
Remote:	Yes
Local:	No
Published:	Oct 17 2007 12:00AM
Updated:	Oct 31 2007 02:46PM
Credit:	Michael A. Puls II is credited with the discovery of this issue.
Vulnerable:	SuSE Linux 10.1 x86-64 SuSE Linux 10.1 x86 SuSE Linux 10.1 ppc SuSE Linux 10.0 x86-64 SuSE Linux 10.0 x86 SuSE Linux 10.0 ppc S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 Opera Software Opera Web Browser 8.51 Opera Software Opera Web Browser 8.50 Opera Software Opera Web Browser 8.0.2 Opera Software Opera Web Browser 8.0 2 Opera Software Opera Web Browser 8.0 1 Opera Software Opera Web Browser 8.0 Opera Software Opera Web Browser 7.54 Opera Software Opera Web Browser 7.53 Opera Software Opera Web Browser 7.52 Opera Software Opera Web Browser 7.51 Opera Software Opera Web Browser 7.50 Opera Software Opera Web Browser 7.23 Opera Software Opera Web Browser 7.22 Opera Software Opera Web Browser 7.21 Opera Software Opera Web Browser 7.20 Opera Software Opera Web Browser 7.11 Opera Software Opera Web Browser 7.10 Opera Software Opera Web Browser 6.0.1 Opera Software Opera Web Browser 6.0 6 Opera Software Opera Web Browser 6.0 Opera Software Opera Web Browser 5.12 Opera Software Opera Web Browser 9.23 Opera Software Opera Web Browser 9.22 Opera Software Opera Web Browser 9.21 Opera Software Opera Web Browser 9.20 Opera Software Opera Web Browser 9.10 Opera Software Opera Web Browser 9.02 Opera Software Opera Web Browser 9.01 Opera Software Opera Web Browser 9 Opera Software Opera Web Browser 8.54 Opera Software Opera Web Browser 8.52 Gentoo Linux
Not Vulnerable:	Opera Software Opera Web Browser 9.24

Opera Web Browser External Applications Arbitrary Code Execution Vulnerability

Opera Web Browser is prone to a vulnerability that lets attackers execute arbitrary code when the browser is configured to run external news readers or email clients.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application.

Versions prior to Opera for Desktop 9.24 are vulnerable.

Opera Web Browser External Applications Arbitrary Code Execution Vulnerability

Currently we are not aware of any working exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Opera Web Browser External Applications Arbitrary Code Execution Vulnerability

Solution:
The vendor released Opera Web Browser 9.24 to address this issue. Please see the references for more information.

Opera Web Browser External Applications Arbitrary Code Execution Vulnerability

References:

• Download Opera Web Browser (Opera Software)
  
• Opera Homepage (Opera Software)
  
• Advisory: External news readers and e-mail clients can be used to execute arbitr (Opera Software)