CVE-2012-6470 : Détail

CVE-2012-6470

Overflow
71.69%V3
Network
2013-01-02
11h00 +00:00
2024-09-16
16h13 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 23107

Date de publication : 2012-12-02 23h00 +00:00
Auteur : coolkaveh
EDB Vérifié : Yes

Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vendor : http://www.opera.com/ Impact : High Contact : coolkaveh [at] rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh ##################################################################################################################### Opera is a web browser and Internet suite developed by Opera Software with over 270 million users worldwide. The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail Messages, managing contacts, chatting on IRC, downloading files via BitTorrent, and reading web feeds. Opera is Offered free of charge for personal computers and mobile phones. ##################################################################################################################### Bug : ---- Heap corruption during the handling of the Gif files context-dependent Successful exploits can allow attackers to execute arbitrary code ---- ###################################################################################################################### (f00.704): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000b0b ebx=0000000b ecx=0000100b edx=042bc048 esi=0417ffff edi=00141048 eip=67237c8b esp=0012e3d8 ebp=0000001e iopl=0 nv up ei ng nz na po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010283 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Opera\Opera.dll - Opera!OpSetLaunchMan+0xb69f5: 67237c8b 880e mov byte ptr [esi],cl ds:0023:0417ffff=?? 0:000>!exploitable -v eax=00000b0b ebx=0000000b ecx=0000100b edx=042bc048 esi=0417ffff edi=00141048 eip=67237c8b esp=0012e3d8 ebp=0000001e iopl=0 nv up ei ng nz na po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010283 Opera!OpSetLaunchMan+0xb69f5: 67237c8b 880e mov byte ptr [esi],cl ds:0023:0417ffff=?? HostMachine\HostUser Executing Processor Architecture is x86 Debuggee is in User Mode Debuggee is a live user mode debugging session on the local machine Event Type: Exception *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll - Exception Faulting Address: 0x417ffff First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005) Exception Sub-Type: Write Access Violation Exception Hash (Major/Minor): 0x63712c74.0x0c14230f Stack Trace: Opera!OpSetLaunchMan+0xb69f5 Opera!OpSetLaunchMan+0xb66fc Opera!OpSetLaunchMan+0xb644a Opera!OpSetLaunchMan+0x38f4d Opera!OpSetLaunchMan+0x1b7b3 Opera!OpSetLaunchMan+0x20a498 Opera!OpSetLaunchMan+0x1fb4e3 Opera!OpSetLaunchMan+0x1fb5d5 Opera!OpSetLaunchMan+0x16d0c1 ntdll!RtlRemoveVectoredExceptionHandler+0x2a2 ntdll!RtlAllocateHeap+0x117 Opera!OpSetLaunchMan+0x1503b9 ntdll!RtlRemoveVectoredExceptionHandler+0x823 ntdll!RtlFreeHeap+0x130 WINMM!timeGetTime+0x2c Instruction Address: 0x0000000067237c8b Description: User Mode Write AV Short Description: WriteAV Exploitability Classification: EXPLOITABLE Recommended Bug Title: Exploitable - User Mode Write AV starting at Opera!OpSetLaunchMan+0x00000000000b69f5 (Hash=0x63712c74.0x0c14230f) User mode write access violations that are not near NULL are exploitable. ################################################################################ Proof of concept included. http://www21.zippyshare.com/v/83302158/file.html Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23107.zip

Products Mentioned

Configuraton 0

Opera>>Opera_browser >> Version To (including) 12.11

Opera>>Opera_browser >> Version 1.00

Opera>>Opera_browser >> Version 2.00

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.10

Opera>>Opera_browser >> Version 2.12

Opera>>Opera_browser >> Version 3.00

Opera>>Opera_browser >> Version 3.00

Opera>>Opera_browser >> Version 3.10

Opera>>Opera_browser >> Version 3.21

Opera>>Opera_browser >> Version 3.50

Opera>>Opera_browser >> Version 3.51

Opera>>Opera_browser >> Version 3.60

Opera>>Opera_browser >> Version 3.61

Opera>>Opera_browser >> Version 3.62

Opera>>Opera_browser >> Version 3.62

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.00

Opera>>Opera_browser >> Version 4.01

Opera>>Opera_browser >> Version 4.02

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.0

Opera>>Opera_browser >> Version 5.02

Opera>>Opera_browser >> Version 5.10

Opera>>Opera_browser >> Version 5.11

Opera>>Opera_browser >> Version 5.12

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.0

Opera>>Opera_browser >> Version 6.1

Opera>>Opera_browser >> Version 6.01

Opera>>Opera_browser >> Version 6.1

Opera>>Opera_browser >> Version 6.02

Opera>>Opera_browser >> Version 6.03

Opera>>Opera_browser >> Version 6.04

Opera>>Opera_browser >> Version 6.05

Opera>>Opera_browser >> Version 6.06

Opera>>Opera_browser >> Version 6.11

Opera>>Opera_browser >> Version 6.12

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.0

Opera>>Opera_browser >> Version 7.01

Opera>>Opera_browser >> Version 7.02

Opera>>Opera_browser >> Version 7.03

Opera>>Opera_browser >> Version 7.10

Opera>>Opera_browser >> Version 7.10

Opera>>Opera_browser >> Version 7.11

Opera>>Opera_browser >> Version 7.11

Opera>>Opera_browser >> Version 7.20

Opera>>Opera_browser >> Version 7.20

Opera>>Opera_browser >> Version 7.21

Opera>>Opera_browser >> Version 7.22

Opera>>Opera_browser >> Version 7.23

Opera>>Opera_browser >> Version 7.50

Opera>>Opera_browser >> Version 7.50

Opera>>Opera_browser >> Version 7.51

Opera>>Opera_browser >> Version 7.52

Opera>>Opera_browser >> Version 7.53

Opera>>Opera_browser >> Version 7.54

Opera>>Opera_browser >> Version 7.54

Opera>>Opera_browser >> Version 7.54

Opera>>Opera_browser >> Version 7.60

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.0

Opera>>Opera_browser >> Version 8.01

Opera>>Opera_browser >> Version 8.02

Opera>>Opera_browser >> Version 8.50

Opera>>Opera_browser >> Version 8.51

Opera>>Opera_browser >> Version 8.52

Opera>>Opera_browser >> Version 8.53

Opera>>Opera_browser >> Version 8.54

Opera>>Opera_browser >> Version 9.0

Opera>>Opera_browser >> Version 9.0

Opera>>Opera_browser >> Version 9.0

Opera>>Opera_browser >> Version 9.01

Opera>>Opera_browser >> Version 9.02

Opera>>Opera_browser >> Version 9.10

Opera>>Opera_browser >> Version 9.12

Opera>>Opera_browser >> Version 9.20

Opera>>Opera_browser >> Version 9.20

Opera>>Opera_browser >> Version 9.21

Opera>>Opera_browser >> Version 9.22

Opera>>Opera_browser >> Version 9.23

Opera>>Opera_browser >> Version 9.24

Opera>>Opera_browser >> Version 9.25

Opera>>Opera_browser >> Version 9.26

Opera>>Opera_browser >> Version 9.27

Opera>>Opera_browser >> Version 9.50

Opera>>Opera_browser >> Version 9.50

Opera>>Opera_browser >> Version 9.50

Opera>>Opera_browser >> Version 9.51

Opera>>Opera_browser >> Version 9.52

Opera>>Opera_browser >> Version 9.60

Opera>>Opera_browser >> Version 9.60

Opera>>Opera_browser >> Version 9.61

Opera>>Opera_browser >> Version 9.62

Opera>>Opera_browser >> Version 9.63

Opera>>Opera_browser >> Version 9.64

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.00

Opera>>Opera_browser >> Version 10.01

Opera>>Opera_browser >> Version 10.10

Opera>>Opera_browser >> Version 10.10

Opera>>Opera_browser >> Version 10.11

Opera>>Opera_browser >> Version 10.20

Opera>>Opera_browser >> Version 10.50

Opera>>Opera_browser >> Version 10.50

Opera>>Opera_browser >> Version 10.50

Opera>>Opera_browser >> Version 10.51

Opera>>Opera_browser >> Version 10.52

Opera>>Opera_browser >> Version 10.52

Opera>>Opera_browser >> Version 10.52

Opera>>Opera_browser >> Version 10.53

Opera>>Opera_browser >> Version 10.53

Opera>>Opera_browser >> Version 10.53

Opera>>Opera_browser >> Version 10.54

Opera>>Opera_browser >> Version 10.60

Opera>>Opera_browser >> Version 10.60

Opera>>Opera_browser >> Version 10.60

Opera>>Opera_browser >> Version 10.61

Opera>>Opera_browser >> Version 10.62

Opera>>Opera_browser >> Version 10.63

Opera>>Opera_browser >> Version 11.00

Opera>>Opera_browser >> Version 11.00

Opera>>Opera_browser >> Version 11.01

Opera>>Opera_browser >> Version 11.10

Opera>>Opera_browser >> Version 11.10

Opera>>Opera_browser >> Version 11.11

Opera>>Opera_browser >> Version 11.50

Opera>>Opera_browser >> Version 11.50

Opera>>Opera_browser >> Version 11.51

Opera>>Opera_browser >> Version 11.52

Opera>>Opera_browser >> Version 11.52.1100

Opera>>Opera_browser >> Version 11.60

Opera>>Opera_browser >> Version 11.60

Opera>>Opera_browser >> Version 11.61

Opera>>Opera_browser >> Version 11.62

Opera>>Opera_browser >> Version 11.64

Opera>>Opera_browser >> Version 11.65

Opera>>Opera_browser >> Version 11.66

Opera>>Opera_browser >> Version 12.00

Opera>>Opera_browser >> Version 12.00

Opera>>Opera_browser >> Version 12.01

Opera>>Opera_browser >> Version 12.02

Opera>>Opera_browser >> Version 12.10

Opera>>Opera_browser >> Version 12.10

Références