CVE-2011-2628

Opera < 11.11 - Remote Code Execution via FRAMESET Element Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-2628. PoCs published by Jose A. Vazquez.

AI-analyzed exploit summary This is a Metasploit module exploiting a memory corruption vulnerability in Opera Browser versions 10.xx and 11.xx (CVE-2011-2628) via malformed frameset and iframe nesting. It achieves remote code execution (RCE) on vulnerable systems, particularly Windows XP SP3 with DEP disabled.

Description

Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jose A. Vazquez · rubyremotewindows
https://www.exploit-db.com/exploits/17936

This is a Metasploit module exploiting a memory corruption vulnerability in Opera Browser versions 10.xx and 11.xx (CVE-2011-2628) via malformed frameset and iframe nesting. It achieves remote code execution (RCE) on vulnerable systems, particularly Windows XP SP3 with DEP disabled.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Racy
Target: Opera Browser v10.00-v10.63, v11.00-v11.10
No auth needed
Prerequisites: Vulnerable Opera Browser version · Network access to target · User interaction (crash-dialog interaction may be required)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/unix/1111/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/windows/1111/
Vendor Advisory x_refsource_confirm
http://www.opera.com/docs/changelogs/mac/1111/
Vendor Advisory x_refsource_confirm
http://www.opera.com/support/kb/view/992/
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8425

Scores

EPSS 0.1327
EPSS Percentile 95.9%

Details

CWE
CWE-20
Status published
Products (30)
opera/opera_browser 5.0 (8 CPE variants)
opera/opera_browser 5.02
opera/opera_browser 5.10
opera/opera_browser 5.11
opera/opera_browser 5.12
opera/opera_browser 6.0 (6 CPE variants)
opera/opera_browser 6.1 (2 CPE variants)
opera/opera_browser 6.01
opera/opera_browser 6.02
opera/opera_browser 6.03
... and 20 more
Published Jul 01, 2011
Tracked Since Feb 18, 2026