CVE-2008-1081

EUVD-2008-1092
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
operaopera_browser
𝑥
≤ 9.25
operaopera_browser
1.00
operaopera_browser
2.00
operaopera_browser
2.10
operaopera_browser
2.10:beta1
operaopera_browser
2.10:beta2
operaopera_browser
2.10:beta3
operaopera_browser
2.12
operaopera_browser
3.00
operaopera_browser
3.00:beta
operaopera_browser
3.10
operaopera_browser
3.21
operaopera_browser
3.50
operaopera_browser
3.51
operaopera_browser
3.60
operaopera_browser
3.61
operaopera_browser
3.62
operaopera_browser
3.62:beta
operaopera_browser
4.00
operaopera_browser
4.00:beta2
operaopera_browser
4.00:beta3
operaopera_browser
4.00:beta4
operaopera_browser
4.00:beta5
operaopera_browser
4.00:beta6
operaopera_browser
4.01
operaopera_browser
4.02
operaopera_browser
5.0
operaopera_browser
5.0:beta2
operaopera_browser
5.0:beta3
operaopera_browser
5.0:beta4
operaopera_browser
5.0:beta5
operaopera_browser
5.0:beta6
operaopera_browser
5.0:beta7
operaopera_browser
5.0:beta8
operaopera_browser
5.02
operaopera_browser
5.10
operaopera_browser
5.11
operaopera_browser
5.12
operaopera_browser
6.0
operaopera_browser
6.0:beta1
operaopera_browser
6.0:beta2
operaopera_browser
6.0:tp1
operaopera_browser
6.0:tp2
operaopera_browser
6.0:tp3
operaopera_browser
6.1
operaopera_browser
6.01
operaopera_browser
6.1:beta1
operaopera_browser
6.02
operaopera_browser
6.03
operaopera_browser
6.04
operaopera_browser
6.05
operaopera_browser
6.06
operaopera_browser
6.11
operaopera_browser
6.12
operaopera_browser
7.0
operaopera_browser
7.0:beta1
operaopera_browser
7.0:beta1_v2
operaopera_browser
7.0:beta2
operaopera_browser
7.01
operaopera_browser
7.02
operaopera_browser
7.03
operaopera_browser
7.10
operaopera_browser
7.10:beta1
operaopera_browser
7.11
operaopera_browser
7.11:beta2
operaopera_browser
7.20
operaopera_browser
7.20:beta7
operaopera_browser
7.21
operaopera_browser
7.22
operaopera_browser
7.23
operaopera_browser
7.50
operaopera_browser
7.50:beta1
operaopera_browser
7.51
operaopera_browser
7.52
operaopera_browser
7.53
operaopera_browser
7.54
operaopera_browser
7.54:update1
operaopera_browser
7.54:update2
operaopera_browser
7.60
operaopera_browser
8.0
operaopera_browser
8.0:beta1
operaopera_browser
8.0:beta2
operaopera_browser
8.0:beta3
operaopera_browser
8.01
operaopera_browser
8.02
operaopera_browser
8.50
operaopera_browser
8.51
operaopera_browser
8.52
operaopera_browser
8.53
operaopera_browser
8.54
operaopera_browser
9.0
operaopera_browser
9.0:beta1
operaopera_browser
9.0:beta2
operaopera_browser
9.01
operaopera_browser
9.02
operaopera_browser
9.10
operaopera_browser
9.12
operaopera_browser
9.20
operaopera_browser
9.20:beta1
operaopera_browser
9.21
operaopera_browser
9.22
operaopera_browser
9.23
operaopera_browser
9.24
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
opera
dapper
dne
edgy
ignored
feisty
ignored
gutsy
dne
hardy
not-affected
intrepid
not-affected
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html
http://secunia.com/advisories/29029
http://secunia.com/advisories/29152
http://secunia.com/advisories/29178
http://security.gentoo.org/glsa/glsa-200803-09.xml
http://www.opera.com/docs/changelogs/linux/926/
http://www.opera.com/support/search/view/879/
http://www.securityfocus.com/bid/27901
http://www.vupen.com/english/advisories/2008/0622
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00010.html
http://secunia.com/advisories/29029
http://secunia.com/advisories/29152
http://secunia.com/advisories/29178
http://security.gentoo.org/glsa/glsa-200803-09.xml
http://www.opera.com/docs/changelogs/linux/926/
http://www.opera.com/support/search/view/879/
http://www.securityfocus.com/bid/27901
http://www.vupen.com/english/advisories/2008/0622