CVE-2012-6470 : Detail

CVE-2012-6470

Overflow
71.69%V3
Network
2013-01-02
11h00 +00:00
2024-09-16
16h13 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 23107

Publication date : 2012-12-02 23h00 +00:00
Author : coolkaveh
EDB Verified : Yes

Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vendor : http://www.opera.com/ Impact : High Contact : coolkaveh [at] rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh ##################################################################################################################### Opera is a web browser and Internet suite developed by Opera Software with over 270 million users worldwide. The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail Messages, managing contacts, chatting on IRC, downloading files via BitTorrent, and reading web feeds. Opera is Offered free of charge for personal computers and mobile phones. ##################################################################################################################### Bug : ---- Heap corruption during the handling of the Gif files context-dependent Successful exploits can allow attackers to execute arbitrary code ---- ###################################################################################################################### (f00.704): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000b0b ebx=0000000b ecx=0000100b edx=042bc048 esi=0417ffff edi=00141048 eip=67237c8b esp=0012e3d8 ebp=0000001e iopl=0 nv up ei ng nz na po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010283 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Opera\Opera.dll - Opera!OpSetLaunchMan+0xb69f5: 67237c8b 880e mov byte ptr [esi],cl ds:0023:0417ffff=?? 0:000>!exploitable -v eax=00000b0b ebx=0000000b ecx=0000100b edx=042bc048 esi=0417ffff edi=00141048 eip=67237c8b esp=0012e3d8 ebp=0000001e iopl=0 nv up ei ng nz na po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010283 Opera!OpSetLaunchMan+0xb69f5: 67237c8b 880e mov byte ptr [esi],cl ds:0023:0417ffff=?? HostMachine\HostUser Executing Processor Architecture is x86 Debuggee is in User Mode Debuggee is a live user mode debugging session on the local machine Event Type: Exception *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll - Exception Faulting Address: 0x417ffff First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005) Exception Sub-Type: Write Access Violation Exception Hash (Major/Minor): 0x63712c74.0x0c14230f Stack Trace: Opera!OpSetLaunchMan+0xb69f5 Opera!OpSetLaunchMan+0xb66fc Opera!OpSetLaunchMan+0xb644a Opera!OpSetLaunchMan+0x38f4d Opera!OpSetLaunchMan+0x1b7b3 Opera!OpSetLaunchMan+0x20a498 Opera!OpSetLaunchMan+0x1fb4e3 Opera!OpSetLaunchMan+0x1fb5d5 Opera!OpSetLaunchMan+0x16d0c1 ntdll!RtlRemoveVectoredExceptionHandler+0x2a2 ntdll!RtlAllocateHeap+0x117 Opera!OpSetLaunchMan+0x1503b9 ntdll!RtlRemoveVectoredExceptionHandler+0x823 ntdll!RtlFreeHeap+0x130 WINMM!timeGetTime+0x2c Instruction Address: 0x0000000067237c8b Description: User Mode Write AV Short Description: WriteAV Exploitability Classification: EXPLOITABLE Recommended Bug Title: Exploitable - User Mode Write AV starting at Opera!OpSetLaunchMan+0x00000000000b69f5 (Hash=0x63712c74.0x0c14230f) User mode write access violations that are not near NULL are exploitable. ################################################################################ Proof of concept included. http://www21.zippyshare.com/v/83302158/file.html Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23107.zip

Products Mentioned

Configuraton 0

Opera>>Opera_browser >> Version To (including) 12.11

Opera>>Opera_browser >> Version 1.00

Opera>>Opera_browser >> Version 2.00

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.12

Opera>>Opera_browser >> Version 3.00

Opera>>Opera_browser >> Version 3.00

Opera>>Opera_browser >> Version 3.10

Opera>>Opera_browser >> Version 3.21

Opera>>Opera_browser >> Version 3.50

Opera>>Opera_browser >> Version 3.51

Opera>>Opera_browser >> Version 3.60

Opera>>Opera_browser >> Version 3.61

Opera>>Opera_browser >> Version 3.62

Opera>>Opera_browser >> Version 3.62

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.01

Opera>>Opera_browser >> Version 4.02

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.02

Opera>>Opera_browser >> Version 5.10

Opera>>Opera_browser >> Version 5.11

Opera>>Opera_browser >> Version 5.12

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.1

Opera>>Opera_browser >> Version 6.01

Opera>>Opera_browser >> Version 6.1

Opera>>Opera_browser >> Version 6.02

Opera>>Opera_browser >> Version 6.03

Opera>>Opera_browser >> Version 6.04

Opera>>Opera_browser >> Version 6.05

Opera>>Opera_browser >> Version 6.06

Opera>>Opera_browser >> Version 6.11

Opera>>Opera_browser >> Version 6.12

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.01

Opera>>Opera_browser >> Version 7.02

Opera>>Opera_browser >> Version 7.03

Opera>>Opera_browser >> Version 7.10

Opera>>Opera_browser >> Version 7.10

Opera>>Opera_browser >> Version 7.11

Opera>>Opera_browser >> Version 7.11

Opera>>Opera_browser >> Version 7.20

Opera>>Opera_browser >> Version 7.20

Opera>>Opera_browser >> Version 7.21

Opera>>Opera_browser >> Version 7.22

Opera>>Opera_browser >> Version 7.23

Opera>>Opera_browser >> Version 7.50

Opera>>Opera_browser >> Version 7.50

Opera>>Opera_browser >> Version 7.51

Opera>>Opera_browser >> Version 7.52

Opera>>Opera_browser >> Version 7.53

Opera>>Opera_browser >> Version 7.54

Opera>>Opera_browser >> Version 7.54

Opera>>Opera_browser >> Version 7.54

Opera>>Opera_browser >> Version 7.60

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.01

Opera>>Opera_browser >> Version 8.02

Opera>>Opera_browser >> Version 8.50

Opera>>Opera_browser >> Version 8.51

Opera>>Opera_browser >> Version 8.52

Opera>>Opera_browser >> Version 8.53

Opera>>Opera_browser >> Version 8.54

Opera>>Opera_browser >> Version 9.0

Opera>>Opera_browser >> Version 9.0

Opera>>Opera_browser >> Version 9.0

Opera>>Opera_browser >> Version 9.01

Opera>>Opera_browser >> Version 9.02

Opera>>Opera_browser >> Version 9.10

Opera>>Opera_browser >> Version 9.12

Opera>>Opera_browser >> Version 9.20

Opera>>Opera_browser >> Version 9.20

Opera>>Opera_browser >> Version 9.21

Opera>>Opera_browser >> Version 9.22

Opera>>Opera_browser >> Version 9.23

Opera>>Opera_browser >> Version 9.24

Opera>>Opera_browser >> Version 9.25

Opera>>Opera_browser >> Version 9.26

Opera>>Opera_browser >> Version 9.27

Opera>>Opera_browser >> Version 9.50

Opera>>Opera_browser >> Version 9.50

Opera>>Opera_browser >> Version 9.50

Opera>>Opera_browser >> Version 9.51

Opera>>Opera_browser >> Version 9.52

Opera>>Opera_browser >> Version 9.60

Opera>>Opera_browser >> Version 9.60

Opera>>Opera_browser >> Version 9.61

Opera>>Opera_browser >> Version 9.62

Opera>>Opera_browser >> Version 9.63

Opera>>Opera_browser >> Version 9.64

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.01

Opera>>Opera_browser >> Version 10.10

Opera>>Opera_browser >> Version 10.10

Opera>>Opera_browser >> Version 10.11

Opera>>Opera_browser >> Version 10.20

Opera>>Opera_browser >> Version 10.50

Opera>>Opera_browser >> Version 10.50

Opera>>Opera_browser >> Version 10.50

Opera>>Opera_browser >> Version 10.51

Opera>>Opera_browser >> Version 10.52

Opera>>Opera_browser >> Version 10.52

Opera>>Opera_browser >> Version 10.52

Opera>>Opera_browser >> Version 10.53

Opera>>Opera_browser >> Version 10.53

Opera>>Opera_browser >> Version 10.53

Opera>>Opera_browser >> Version 10.54

Opera>>Opera_browser >> Version 10.60

Opera>>Opera_browser >> Version 10.60

Opera>>Opera_browser >> Version 10.60

Opera>>Opera_browser >> Version 10.61

Opera>>Opera_browser >> Version 10.62

Opera>>Opera_browser >> Version 10.63

Opera>>Opera_browser >> Version 11.00

Opera>>Opera_browser >> Version 11.00

Opera>>Opera_browser >> Version 11.01

Opera>>Opera_browser >> Version 11.10

Opera>>Opera_browser >> Version 11.10

Opera>>Opera_browser >> Version 11.11

Opera>>Opera_browser >> Version 11.50

Opera>>Opera_browser >> Version 11.50

Opera>>Opera_browser >> Version 11.51

Opera>>Opera_browser >> Version 11.52

Opera>>Opera_browser >> Version 11.52.1100

Opera>>Opera_browser >> Version 11.60

Opera>>Opera_browser >> Version 11.60

Opera>>Opera_browser >> Version 11.61

Opera>>Opera_browser >> Version 11.62

Opera>>Opera_browser >> Version 11.64

Opera>>Opera_browser >> Version 11.65

Opera>>Opera_browser >> Version 11.66

Opera>>Opera_browser >> Version 12.00

Opera>>Opera_browser >> Version 12.00

Opera>>Opera_browser >> Version 12.01

Opera>>Opera_browser >> Version 12.02

Opera>>Opera_browser >> Version 12.10

Opera>>Opera_browser >> Version 12.10

References