CVE-2007-0127

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.

🔗 References (20)

• cve@mitrehttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
• cve@mitrehttp://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html
• cve@mitrehttp://osvdb.org/31575
• cve@mitrehttp://secunia.com/advisories/23613
• cve@mitrehttp://secunia.com/advisories/23739
• cve@mitrehttp://secunia.com/advisories/23771
• cve@mitrehttp://securitytracker.com/id?1017473
• cve@mitrehttp://www.gentoo.org/security/en/glsa/glsa-200701-08.xml
• cve@mitrehttp://www.opera.com/support/search/supsearch.dml?index=851
• cve@mitrehttp://www.vupen.com/english/advisories/2007/0060
• af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458
• af854a3a-2127-422b-91ae-364da2661108http://lists.suse.com/archive/suse-security-announce/2007-Jan/0009.html
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/31575
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23613
• af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/23739