CVE-2008-4197

HIGH

Opera Browser < 9.52 - Use of Uninitialized Resource

Title source: rule

Description

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

References (15)

[Issue Tracking] http://bugs.gentoo.org/show_bug.cgi?id=235298

[Broken Link, Vendor Advisory] http://secunia.com/advisories/31549

[Broken Link, Vendor Advisory] http://secunia.com/advisories/32538

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200811-01.xml

[Mailing List] http://www.openwall.com/lists/oss-security/2008/09/19/2

[Mailing List] http://www.openwall.com/lists/oss-security/2008/09/24/4

[Broken Link] http://www.opera.com/docs/changelogs/freebsd/952/

[Broken Link] http://www.opera.com/docs/changelogs/linux/952/

[Broken Link] http://www.opera.com/docs/changelogs/solaris/952/

[Broken Link] http://www.opera.com/docs/changelogs/windows/952/

[Broken Link] http://www.opera.com/support/search/view/894/

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30768

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1020720

[Broken Link] http://www.vupen.com/english/advisories/2008/2416

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44552

Scores

CVSS v3 8.8

EPSS 0.0508

EPSS Percentile 89.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-908

Status draft

Affected Products (1)

opera/opera_browser < 9.52

Timeline

Published Sep 27, 2008

Tracked Since Feb 18, 2026