CVE-2008-4197 Information

Description

Opera before 9.52 on Windows Linux FreeBSD and Solaris when processing custom shortcut and menu commands can produce argument strings that contain uninitialized memory which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=235298 http://secunia.com/advisories/31549 http://secunia.com/advisories/32538 http://security.gentoo.org/glsa/glsa-200811-01.xml http://www.openwall.com/lists/oss-security/2008/09/19/2 http://www.openwall.com/lists/oss-security/2008/09/24/4 http://www.opera.com/docs/changelogs/freebsd/952/ http://www.opera.com/docs/changelogs/linux/952/ http://www.opera.com/docs/changelogs/solaris/952/ http://www.opera.com/docs/changelogs/windows/952/ http://www.opera.com/support/search/view/894/ http://www.securityfocus.com/bid/30768 http://www.securitytracker.com/id?1020720 http://www.vupen.com/english/advisories/2008/2416 https://exchange.xforce.ibmcloud.com/vulnerabilities/44552