CVE-2012-4143

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.opera.com/docs/changelogs/mac/1166/
http://www.opera.com/docs/changelogs/windows/1201/
http://www.opera.com/docs/changelogs/mac/1201/
http://www.opera.com/docs/changelogs/unix/1201/
http://www.opera.com/support/kb/view/1027/	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:opera:opera_browser:12.00:beta::::::
	cpe:2.3:a:opera:opera_browser::::::::

OR	cpe:2.3:o:microsoft:windows::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

AND

OR	cpe:2.3:a:opera:opera_browser::::::::
	cpe:2.3:a:opera:opera_browser:11.64:::::::*
	cpe:2.3:a:opera:opera_browser:11.62:::::::*
	cpe:2.3:a:opera:opera_browser:11.00:beta::::::
	cpe:2.3:a:opera:opera_browser:11.01:::::::*
	cpe:2.3:a:opera:opera_browser:10.11:::::::*
	cpe:2.3:a:opera:opera_browser:10.52:beta2::::::
	cpe:2.3:a:opera:opera_browser:10.50:::::::*
	cpe:2.3:a:opera:opera_browser:10.10:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.00:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:beta2::::::
	cpe:2.3:a:opera:opera_browser:10.53:b::::::
	cpe:2.3:a:opera:opera_browser:10.10:::::::*
	cpe:2.3:a:opera:opera_browser:11.50:::::::*
	cpe:2.3:a:opera:opera_browser:11.60:::::::*
	cpe:2.3:a:opera:opera_browser:10.62:::::::*
	cpe:2.3:a:opera:opera_browser:11.50:beta::::::
	cpe:2.3:a:opera:opera_browser:11.52:::::::*
	cpe:2.3:a:opera:opera_browser:11.51:::::::*
	cpe:2.3:a:opera:opera_browser:11.10:beta::::::
	cpe:2.3:a:opera:opera_browser:10.60:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.52:::::::*
	cpe:2.3:a:opera:opera_browser:11.61:::::::*
	cpe:2.3:a:opera:opera_browser:12.00:beta::::::
	cpe:2.3:a:opera:opera_browser:10.54:::::::*
	cpe:2.3:a:opera:opera_browser:10.50:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.53:::::::*
	cpe:2.3:a:opera:opera_browser:12.00:::::::*
	cpe:2.3:a:opera:opera_browser:10.00:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.52:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.50:beta2::::::
	cpe:2.3:a:opera:opera_browser:10.60:::::::*
	cpe:2.3:a:opera:opera_browser:11.00:::::::*
	cpe:2.3:a:opera:opera_browser:11.52.1100:::::::*
	cpe:2.3:a:opera:opera_browser:10.61:::::::*
	cpe:2.3:a:opera:opera_browser:11.60:beta::::::
	cpe:2.3:a:opera:opera_browser:10.00:beta3::::::
	cpe:2.3:a:opera:opera_browser:11.10:::::::*
	cpe:2.3:a:opera:opera_browser:10.51:::::::*
	cpe:2.3:a:opera:opera_browser:10.53:beta1::::::
	cpe:2.3:a:opera:opera_browser:10.63:::::::*
	cpe:2.3:a:opera:opera_browser:10.01:::::::*
	cpe:2.3:a:opera:opera_browser:11.11:::::::*

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Information

Published : 2012-08-06 09:55

Updated : 2012-08-06 21:00

NVD link : CVE-2012-4143

Mitre link : CVE-2012-4143

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

apple

mac_os_x

opera

opera_browser

microsoft

windows

linux

linux_kernel

6.8 /10