CVE-2008-4197
HIGHOpera < 9.52 - Remote Code Execution via Uninitialized Memory in Custom Shortcut Commands
Title source: llmDescription
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
References (15)
Core 15
Core References
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2416
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32538
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44552
Broken Link x_refsource_confirm
http://www.opera.com/docs/changelogs/solaris/952/
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1020720
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30768
Broken Link x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/952/
Broken Link x_refsource_confirm
http://www.opera.com/docs/changelogs/linux/952/
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/24/4
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/09/19/2
Broken Link, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31549
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=235298
Broken Link x_refsource_confirm
http://www.opera.com/docs/changelogs/freebsd/952/
Broken Link x_refsource_confirm
http://www.opera.com/support/search/view/894/
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200811-01.xml
Scores
CVSS v3
8.8
EPSS
0.0508
EPSS Percentile
89.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-908
Status
published
Products (1)
opera/opera_browser
< 9.52
Published
Sep 27, 2008
Tracked Since
Feb 18, 2026