CVE-2007-4367
published 2007-08-15CVE-2007-4367: Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
PriorityP269critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
8.25%
94.2th percentile
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | < 9.23 | 9.23 |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8w89-3rvr-hm3w: Opera before 9
ghsa_unreviewed·2022-05-01
CVE-2007-4367 [HIGH] CWE-763 GHSA-8w89-3rvr-hm3w: Opera before 9
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
VulnCheck
opera opera_browser Release of Invalid Pointer or Reference
vulncheck·2007·CVSS 9.3
CVE-2007-4367 [CRITICAL] opera opera_browser Release of Invalid Pointer or Reference
opera opera_browser Release of Invalid Pointer or Reference
Opera before 9.23 allows remote attackers to execute arbitrary code via crafted Javascript that triggers a "virtual function call on an invalid pointer."
Affected: opera opera_browser
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.virusbulletin.com/virusbulletin/2010/05/exploit-kit-explosion-part-two-vectors-attack/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00006.htmlhttp://secunia.com/advisories/26477http://secunia.com/advisories/26545http://secunia.com/advisories/26635http://security.gentoo.org/glsa/glsa-200708-17.xmlhttp://www.opera.com/support/search/view/865/http://www.securityfocus.com/bid/25331http://www.securitytracker.com/id?1018572http://www.vupen.com/english/advisories/2007/2904https://exchange.xforce.ibmcloud.com/vulnerabilities/36039http://lists.opensuse.org/opensuse-security-announce/2007-08/msg00006.htmlhttp://secunia.com/advisories/26477http://secunia.com/advisories/26545http://secunia.com/advisories/26635http://security.gentoo.org/glsa/glsa-200708-17.xmlhttp://www.opera.com/support/search/view/865/http://www.securityfocus.com/bid/25331http://www.securitytracker.com/id?1018572http://www.vupen.com/english/advisories/2007/2904https://exchange.xforce.ibmcloud.com/vulnerabilities/36039
2007-08-15
Published
Exploited in the wild