Description
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by SEC Consult · textdoslinux
https://www.exploit-db.com/exploits/27641
References (11)
Core 11
Core References
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17513
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015912
Mailing List mailing-list
x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=114493114031891&w=2
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/854/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25829
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/430876/100/0/threaded
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200606-01.xml
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1354
Exploit x_refsource_misc
http://www.sec-consult.com/259.html
Various Sources vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20117
Scores
EPSS
0.1576
EPSS Percentile
94.8%
Details
CWE
CWE-189
Status
published
Products (27)
opera/opera_browser
1.00
opera/opera_browser
2.00
opera/opera_browser
2.10 (4 CPE variants)
opera/opera_browser
2.12
opera/opera_browser
3.00 (2 CPE variants)
opera/opera_browser
3.10
opera/opera_browser
3.21
opera/opera_browser
3.50
opera/opera_browser
3.51
opera/opera_browser
3.60
... and 17 more
Published
Apr 19, 2006
Tracked Since
Feb 18, 2026