Test ID:	1.3.6.1.4.1.25623.1.0.14261
Category:	Windows
Title:	Opera remote location object cross-domain scripting vulnerability
Summary:	The remote host contains a web browser that is affected by; multiple flaws.;; Description :; The remote host is using Opera, an alternative web browser.; This version of Opera on the remote host fails to block write access to; the 'location' object. This could allow a user to create a specially; crafted URL to overwrite methods within the 'location' object that would; execute arbitrary code in a user's browser within the trust relationship; between the browser and the server, leading to a loss of confidentiality; and integrity.
Description:	Summary: The remote host contains a web browser that is affected by multiple flaws. Description : The remote host is using Opera, an alternative web browser. This version of Opera on the remote host fails to block write access to the 'location' object. This could allow a user to create a specially crafted URL to overwrite methods within the 'location' object that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of confidentiality and integrity. Solution: Upgrade to Opera 7.54 or newer. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-2570 BugTraq ID: 10873 http://www.securityfocus.com/bid/10873 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0131.html http://www.gentoo.org/security/en/glsa/glsa-200408-05.xml http://www.greymagic.com/security/advisories/gm008-op/ http://osvdb.org/8331 http://secunia.com/advisories/12233 XForce ISS Database: opera-location-method-overwrite(16904) https://exchange.xforce.ibmcloud.com/vulnerabilities/16904
Copyright	Copyright (C) 2004 David Maciejak

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.