CVE-2004-1615
CVSS2.6
发布时间 :2004-10-18 00:00:00
修订时间 :2016-10-17 22:57:41
NMCOS    

[原文]Opera allows remote attackers to cause a denial of service (invalid memory reference and application crash) via a web page or HTML email that contains a TBODY tag with a large COL SPAN value, as demonstrated by mangleme.


[CNNVD]Opera Browser TBODY COL SPA内存破坏服务拒绝漏洞(CNNVD-200410-028)

        Opera存在漏洞。远程攻击者可以借助包含带有超大COL SPAN值的TBODY标签的网页或HTML邮件导致服务拒绝(无效内存引用和应用程序崩溃)。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:opera_software:opera_web_browser:7.0.2::win32
cpe:/a:opera_software:opera_web_browser:7.0.1::win32
cpe:/a:opera_software:opera_web_browser:7.51
cpe:/a:opera_software:opera_web_browser:7.0.3::win32
cpe:/a:opera_software:opera_web_browser:7.50
cpe:/a:opera_software:opera_web_browser:6.10::linux
cpe:/a:opera_software:opera_web_browser:7.53
cpe:/a:opera_software:opera_web_browser:7.52
cpe:/a:opera_software:opera_web_browser:6.0
cpe:/a:opera_software:opera_web_browser:7.11
cpe:/a:opera_software:opera_web_browser:7.10
cpe:/a:opera_software:opera_web_browser:7.54
cpe:/a:opera_software:opera_web_browser:6.0.2::linux
cpe:/a:opera_software:opera_web_browser:6.0.6::win32
cpe:/a:opera_software:opera_web_browser:6.0.3::linux
cpe:/a:opera_software:opera_web_browser:7.23
cpe:/a:opera_software:opera_web_browser:7.11b
cpe:/a:opera_software:opera_web_browser:6.0.1::linux
cpe:/a:opera_software:opera_web_browser:7.0::win32
cpe:/a:opera_software:opera_web_browser:6.0::win32
cpe:/a:opera_software:opera_web_browser:7.0_beta1::win32
cpe:/a:opera_software:opera_web_browser:7.11j
cpe:/a:opera_software:opera_web_browser:7.20
cpe:/a:opera_software:opera_web_browser:6.0.6
cpe:/a:opera_software:opera_web_browser:7.0_beta2::win32
cpe:/a:opera_software:opera_web_browser:7.22
cpe:/a:opera_software:opera_web_browser:7.21
cpe:/a:opera_software:opera_web_browser:6.0.5::win32
cpe:/a:opera_software:opera_web_browser:6.0.4::win32
cpe:/a:opera_software:opera_web_browser:6.0.3::win32
cpe:/a:opera_software:opera_web_browser:6.0.2::win32
cpe:/a:opera_software:opera_web_browser:6.0.1::win32
cpe:/a:opera_software:opera_web_browser:6.0.1
cpe:/a:opera_software:opera_web_browser:7.20_beta1_build2981

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1615
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1615
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-028
(官方数据源) CNNVD

- 其它链接及资源

http://lcamtuf.coredump.cx/mangleme/gallery/
(VENDOR_ADVISORY)  MISC  http://lcamtuf.coredump.cx/mangleme/gallery/
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html
(VENDOR_ADVISORY)  FULLDISC  20041018 Web browsers - a mini-farce
http://marc.info/?l=bugtraq&m=109811406620511&w=2
(UNKNOWN)  BUGTRAQ  20041018 Web browsers - a mini-farce
http://www.securityfocus.com/bid/11441
(VENDOR_ADVISORY)  BID  11441
http://xforce.iss.net/xforce/xfdb/17806
(VENDOR_ADVISORY)  XF  opera-colspan-tbody-dos(17806)

- 漏洞信息

Opera Browser TBODY COL SPA内存破坏服务拒绝漏洞
低危 边界条件错误
2004-10-18 00:00:00 2005-10-20 00:00:00
远程  
        Opera存在漏洞。远程攻击者可以借助包含带有超大COL SPAN值的TBODY标签的网页或HTML邮件导致服务拒绝(无效内存引用和应用程序崩溃)。

- 公告与补丁

        This issue will be reportedly addressed in Opera 7.60.
        ---
        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息

11137
Opera TBODY Multiple COL SPAN Tag DoS
Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-10-18 Unknow
2004-10-18 Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Opera Browser TBODY COL SPAN Memory Corruption Denial Of Service Vulnerability
Boundary Condition Error 11441
Yes No
2004-10-18 12:00:00 2009-07-12 08:06:00
Discovery is credited to Michal Zalewski.

- 受影响的程序版本

Opera Software Opera Web Browser 7.54
Opera Software Opera Web Browser 7.53
Opera Software Opera Web Browser 7.52
Opera Software Opera Web Browser 7.51
Opera Software Opera Web Browser 7.50
Opera Software Opera Web Browser 7.23
Opera Software Opera Web Browser 7.22
Opera Software Opera Web Browser 7.21
Opera Software Opera Web Browser 7.20 Beta 1 build 2981
Opera Software Opera Web Browser 7.20
Opera Software Opera Web Browser 7.11 j
Opera Software Opera Web Browser 7.11 b
Opera Software Opera Web Browser 7.11
Opera Software Opera Web Browser 7.10
Opera Software Opera Web Browser 7.0 win32 Beta 2
Opera Software Opera Web Browser 7.0 win32 Beta 1
Opera Software Opera Web Browser 7.0 win32
Opera Software Opera Web Browser 7.0 3win32
Opera Software Opera Web Browser 7.0 2win32
Opera Software Opera Web Browser 7.0 1win32
Opera Software Opera Web Browser 6.10 linux
Opera Software Opera Web Browser 6.0.5 win32
Opera Software Opera Web Browser 6.0.4 win32
Opera Software Opera Web Browser 6.0.3 win32
Opera Software Opera Web Browser 6.0.3 linux
Opera Software Opera Web Browser 6.0.2 win32
Opera Software Opera Web Browser 6.0.2 linux
Opera Software Opera Web Browser 6.0.1 win32
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional
Opera Software Opera Web Browser 6.0.1 linux
Opera Software Opera Web Browser 6.0.1
Opera Software Opera Web Browser 6.0 win32
Opera Software Opera Web Browser 6.0 6
Opera Software Opera Web Browser 6.0 .6win32
Opera Software Opera Web Browser 6.0

- 漏洞讨论

A memory corruption vulnerability exists in Opera. This issue may be triggered if an excessive COL SPAN is specified in the TBODY tag. The issue could result in a minor denial of service condition.

- 漏洞利用

This issue was discovered with the mangleme Web fuzzer:

http://lcamtuf.coredump.cx/soft/mangleme.tgz

The following proof-of-concept is also available:

http://lcamtuf.coredump.cx/mangleme/gallery/opera_die1.html

---
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

This issue will be reportedly addressed in Opera 7.60.

---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站