9.3
CVE-2008-4197
- EPSS 6.34%
- Veröffentlicht 27.09.2008 10:30:03
- Zuletzt bearbeitet 16.06.2026 22:57:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Opera ≫ Opera Browser Version < 9.52
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 6.34% | 0.927 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
http://secunia.com/advisories/31549
http://secunia.com/advisories/32538
http://security.gentoo.org/glsa/glsa-200811-01.xml
http://www.openwall.com/lists/oss-security/2008/09/19/2
http://www.openwall.com/lists/oss-security/2008/09/24/4
http://www.opera.com/docs/changelogs/freebsd/952/
http://www.opera.com/docs/changelogs/linux/952/
http://www.opera.com/docs/changelogs/solaris/952/
http://www.opera.com/docs/changelogs/windows/952/
http://www.securityfocus.com/bid/30768
http://www.vupen.com/english/advisories/2008/2416
http://bugs.gentoo.org/show_bug.cgi?id=235298
http://www.opera.com/support/search/view/894/
http://www.securitytracker.com/id?1020720
https://exchange.xforce.ibmcloud.com/vulnerabilities/44552