CVE-2007-4367

EXPLOITED

Opera <9.23 - RCE

Title source: llm

Description

Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."

References (10)

[Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00006.html

[Broken Link, Patch] http://secunia.com/advisories/26477

[Broken Link] http://secunia.com/advisories/26545

[Broken Link] http://secunia.com/advisories/26635

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200708-17.xml

[Broken Link, Vendor Advisory] http://www.opera.com/support/search/view/865/

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/25331

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018572

[Broken Link] http://www.vupen.com/english/advisories/2007/2904

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36039

Scores

EPSS 0.0751

EPSS Percentile 91.6%

Exploitation Intel

VulnCheck KEV 2010-05-01

Classification

CWE

CWE-763

Status draft

Affected Products (1)

opera/opera_browser < 9.23

Timeline

Published Aug 15, 2007

Tracked Since Feb 18, 2026