CVE-2011-2628

Opera Browser < 11.10 - Improper Input Validation

Title source: rule

Description

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jose A. Vazquez · rubyremotewindows

https://www.exploit-db.com/exploits/17936

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://www.opera.com/docs/changelogs/unix/1111/

[Vendor Advisory] http://www.opera.com/docs/changelogs/windows/1111/

[Vendor Advisory] http://www.opera.com/docs/changelogs/mac/1111/

[Vendor Advisory] http://www.opera.com/support/kb/view/992/

[Third Party Advisory] http://securityreason.com/securityalert/8425

Scores

EPSS 0.1188

EPSS Percentile 93.8%

Details

CWE

CWE-20

Status published

Products (30)

opera/opera_browser 5.0 (8 CPE variants)

opera/opera_browser 5.02

opera/opera_browser 5.10

opera/opera_browser 5.11

opera/opera_browser 5.12

opera/opera_browser 6.0 (6 CPE variants)

opera/opera_browser 6.1 (2 CPE variants)

opera/opera_browser 6.01

opera/opera_browser 6.02

opera/opera_browser 6.03

... and 20 more

Published Jul 01, 2011

Tracked Since Feb 18, 2026