Details of VAR-201006-1120

ID

VAR-201006-1120

CVE

CVE-2010-2666

TITLE

Windows and Mac OS X Run on Opera Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002049

DESCRIPTION

Opera before 10.54 on Windows and Mac OS X does not properly enforce permission requirements for widget filesystem access and directory selection, which allows user-assisted remote attackers to create or modify arbitrary files, and consequently execute arbitrary code, via widget File I/O operations. Opera Web Browser is prone to multiple security vulnerabilities. The impact of these vulnerabilities has not been disclosed. We will update this BID when more information becomes available. Versions prior to Opera 10.54 are vulnerable. It supports multi-window browsing and a customizable user interface. ---------------------------------------------------------------------- Secunia CSI integrated with Microsoft WSUS and Microsoft SCCM for 3rd party Patch Management Free webinars http://secunia.com/vulnerability_scanning/corporate/webinars/ ---------------------------------------------------------------------- TITLE: Opera Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA40250 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/40250/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 RELEASE DATE: 2010-06-24 DISCUSS ADVISORY: http://secunia.com/advisories/40250/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/40250/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=40250 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities with an unknown impact have been reported in Opera. 1) A vulnerability is caused due to an unspecified error. 2) Another vulnerability is caused due to an unspecified error. 3) Another vulnerability is caused due to an unspecified error. 4) Another vulnerability is caused due to an unspecified error. SOLUTION: Update to version 10.54. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.opera.com/docs/changelogs/windows/1054/ http://www.opera.com/support/kb/view/954/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-2666 // JVNDB: JVNDB-2010-002049 // BID: 40973 // VULHUB: VHN-45271 // PACKETSTORM: 90927

AFFECTED PRODUCTS

vendor:	opera	model:	browser	scope:	eq	version:	10.52	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	10.50	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	6.0	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	9.52	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	9.51	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	9.50	Trust: 1.6
vendor:	opera	model:	browser	scope:	eq	version:	5.10	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.53	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.53	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.25	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.50	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.23	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.23	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	6.02	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.20	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	5.12	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.26	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	6.01	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.21	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.63	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.10	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.22	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.60	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.0	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.02	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.64	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.60	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.01	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.54	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.02	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	6.05	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	5.0	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.52	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.20	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.61	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	5.11	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.54	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.03	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.62	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.51	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.01	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.10	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.50	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	6.06	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.10	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.12	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.02	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.01	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	10.00	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	6.03	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	5.02	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.51	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.24	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.11	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.22	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.52	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.21	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.27	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	6.04	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	8.51	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.01	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	7.0	Trust: 1.0
vendor:	opera	model:	browser	scope:	lte	version:	10.53	Trust: 1.0
vendor:	opera	model:	browser	scope:	eq	version:	9.0	Trust: 1.0
vendor:	opera asa	model:	opera	scope:	lt	version:	10.54	Trust: 0.8
vendor:	opera	model:	browser	scope:	eq	version:	10.53	Trust: 0.6
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.64	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.63	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.62	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.61	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.60	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.51	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.5	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.27	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.26	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.25	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.24	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.23	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.22	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.21	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.20	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.02	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	9	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.53	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.52	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.51	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.50	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.1	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10.01	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	eq	version:	10	Trust: 0.3
vendor:	opera	model:	software opera web browser	scope:	ne	version:	10.54	Trust: 0.3

sources: BID: 40973 // JVNDB: JVNDB-2010-002049 // CNNVD: CNNVD-201007-075 // NVD: CVE-2010-2666

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-2666
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-2666
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201007-075
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-45271
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-2666
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-45271
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-45271 // JVNDB: JVNDB-2010-002049 // CNNVD: CNNVD-201007-075 // NVD: CVE-2010-2666

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-45271 // JVNDB: JVNDB-2010-002049 // NVD: CVE-2010-2666

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201007-075

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201007-075

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002049

PATCH

title:	mac/1054	url:	http://www.opera.com/docs/changelogs/mac/1054	Trust: 0.8
title:	windows/1054	url:	http://www.opera.com/docs/changelogs/windows/1054	Trust: 0.8
title:	962	url:	http://www.opera.com/support/kb/view/962	Trust: 0.8

sources: JVNDB: JVNDB-2010-002049

EXTERNAL IDS

db:	NVD	id:	CVE-2010-2666	Trust: 2.8
db:	BID	id:	40973	Trust: 2.8
db:	SECUNIA	id:	40250	Trust: 2.6
db:	VUPEN	id:	ADV-2010-1529	Trust: 2.5
db:	JVNDB	id:	JVNDB-2010-002049	Trust: 0.8
db:	CNNVD	id:	CNNVD-201007-075	Trust: 0.7
db:	VULHUB	id:	VHN-45271	Trust: 0.1
db:	PACKETSTORM	id:	90927	Trust: 0.1

sources: VULHUB: VHN-45271 // BID: 40973 // JVNDB: JVNDB-2010-002049 // PACKETSTORM: 90927 // CNNVD: CNNVD-201007-075 // NVD: CVE-2010-2666

REFERENCES

url:	http://www.securityfocus.com/bid/40973	Trust: 2.5
url:	http://secunia.com/advisories/40250	Trust: 2.5
url:	http://www.vupen.com/english/advisories/2010/1529	Trust: 2.5
url:	http://www.opera.com/docs/changelogs/windows/1054/	Trust: 2.1
url:	http://www.opera.com/docs/changelogs/mac/1054/	Trust: 1.7
url:	http://www.opera.com/support/kb/view/962/	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11950	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2666	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2666	Trust: 0.8
url:	http://www.opera.com/	Trust: 0.3
url:	http://secunia.com/advisories/40250/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/webinars/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://www.opera.com/support/kb/view/954/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=40250	Trust: 0.1
url:	http://secunia.com/advisories/40250/	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-45271 // BID: 40973 // JVNDB: JVNDB-2010-002049 // PACKETSTORM: 90927 // CNNVD: CNNVD-201007-075 // NVD: CVE-2010-2666

CREDITS

Opera

Trust: 0.6

sources: CNNVD: CNNVD-201007-075

SOURCES

db:	VULHUB	id:	VHN-45271
db:	BID	id:	40973
db:	JVNDB	id:	JVNDB-2010-002049
db:	PACKETSTORM	id:	90927
db:	CNNVD	id:	CNNVD-201007-075
db:	NVD	id:	CVE-2010-2666

LAST UPDATE DATE

2024-11-23T20:16:46.669000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-45271	date:	2018-10-30T00:00:00
db:	BID	id:	40973	date:	2015-04-13T21:02:00
db:	JVNDB	id:	JVNDB-2010-002049	date:	2010-09-27T00:00:00
db:	CNNVD	id:	CNNVD-201007-075	date:	2010-07-12T00:00:00
db:	NVD	id:	CVE-2010-2666	date:	2024-11-21T01:17:07.977

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-45271	date:	2010-07-08T00:00:00
db:	BID	id:	40973	date:	2010-06-21T00:00:00
db:	JVNDB	id:	JVNDB-2010-002049	date:	2010-09-27T00:00:00
db:	PACKETSTORM	id:	90927	date:	2010-06-24T15:46:36
db:	CNNVD	id:	CNNVD-201007-075	date:	2010-06-21T00:00:00
db:	NVD	id:	CVE-2010-2666	date:	2010-07-08T12:54:47.507