[VIM] opera_configoverwrite.rb
Steve Tornio
steve at vitriol.net
Fri Jul 23 12:33:25 CDT 2010
On Fri, Jul 23, 2010 at 11:44 AM, <dm at securityfocus.com> wrote:
> Does anybody (CVE, OSVDB, etc.) have a record for this vulnerability?
>
egyp7 asked me about this yesterday, because he was trying to track
down refs for it. All I could find was the metasploit module and the
corresponding exploit-db (9945). I created OSVDB 66472 to start
collecting information on it, but hadn't found any more than what's in
the metasploit module (current version -
https://www.metasploit.com/redmine/projects/framework/repository/revisions/9906/entry/modules/exploits/multi/browser/opera_configoverwrite.rb
)
>
> I can't find one in our VDB -- at least nothing specific enough to pin
> it to this exploit.
>
> It's been exploited in the wild by a few exploit packs, namely
> CRiMEPACK.
>
> I talked to someone at Opera and they haven't been able to reproduce
> it in 9.x versions (which it is supposed to affect). They're not sure
> exactly when it was fixed.
He couldn't remember if the issue was fixed in 9.10, or included 9.10,
and has since deleted the VM he was testing with. Since he wrote the
module as <= 9.10, I went with 9.10 as the last vulnerable version.
He does remember that the issue was fixed in a later release, whether
it's 9.10 or 9.20. He did get the exploit from mpack.
Thanks,
Steve
More information about the VIM
mailing list