CVE-2013-1638
published 2013-02-08

CVE-2013-1638: Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.

Priority: P2 60 critical
CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 8.04% (94.1th percentile)

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | <= 12.12 | |
| opera | opera_browser | | |
| opera | opera_browser | | |
| opera | opera_browser | | |
| opera | opera_browser | | |
| opera | opera_browser | | |

Detection & IOCs (extracted from sources)

URL: https://www.exploit-db.com/exploits/24448
  • Vulnerability is triggered via crafted SVG documents containing malicious clipPath elements; inspect SVG content served to Opera < 12.13 for nested or malformed <clipPath> definitions.
  • Use-After-Free crash manifests as a call through a dangling pointer at Opera module offset 0xf8583 (Opera_6b430000+0xbc998b); crash telemetry or exploit-kit traffic targeting this offset is indicative of exploitation.
  • The freed object at ECX=077c45e0 is largely zeroed (heap spray / controlled memory pattern); large blocks of null bytes followed by a vtable-like pointer (92 48 fe 7f) at the start of the freed chunk are characteristic of heap-spray exploitation of this UAF.
  • The exploit targets Opera versions prior to 12.13 only; Opera 12.13 and later are not affected by this specific SVG clipPath UAF code path.
  • The crash address (6b8c998b) and module base (Opera_6b430000) are specific to the tested build; ASLR or different Opera builds will shift these addresses, so signature-based detection should focus on the SVG payload structure rather than hardcoded addresses.