{"vuid":"VU#484380","idnumber":"484380","name":"Opera Web Browser fails to properly process overly long URLs","keywords":["Opera","Web Browser","heap-based buffer overflow","overly long URLs"],"overview":"The Opera Web Browser fails to properly process overly long URLs. This vulnerability may allow arbitrary code execution.","clean_desc":"Opera is a multi-platform web browser that is available for a range of operating systems and embedded Internet products. Opera contains a heap buffer overflow vulnerability in the way that it parses tags containing long URLs. This vulnerability could be exploited by a remote attacker with the ability to construct a web page containing a specially crafted malicious tag and the ability to coerce an Opera user into visiting the page.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user running the vulnerable version of Opera or cause the browser to crash, resulting in a denial-of-service condition.","resolution":"Update\nOpera has released an update to address this issue. See Opera Advisory 848 for more details.","workarounds":"Do not follow untrusted links Do not open unfamiliar or unexpected links, particularly those delivered in email messages. Please see Cyber Security Tip ST04-014.","sysaffected":"","thanks":"This vulnerability was reported in \nOpera Advisory 848 Opera credits \niDefense Labs\n for reporting this issue.","author":"This document was written by Chris Taschner.","public":["http://www.opera.com/support/search/supsearch.dml?index=848","http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424","http://secunia.com/advisories/22218/"],"cveids":["CVE-2006-4819"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-10-18T19:57:40Z","publicdate":"2006-10-17T00:00:00Z","datefirstpublished":"2006-10-24T19:26:36Z","dateupdated":"2006-10-24T19:26:50Z","revision":14,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"7","cam_impact":"14","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"10.143","cam_scorecurrentwidelyknown":"12.348","cam_scorecurrentwidelyknownexploited":"21.168","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.143,"vulnote":null}