Opera 9 DoS PoC

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Opera 9 DoS PoC
From: N9@xxxxxxxxxxx
Date: 21 Jun 2006 03:39:09 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Critical Security advisory #009 [http://www.critical.lt] 
Advisory can be reached: http://www.critical.lt/?vuln/349 

We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas  
Shouts to Lithuanian girlz! and our friends ;] 

Product: Opera 9 (8.x is immune to this) 
Vuln type: Denial of Service 
Risk: moderated 
Attack type: Remote  

Details: 

Vulnerability can be exploited by using a large value in a href tag to create 
an out-of-bounds memory access. 

Proof Of Concept DoS exploit:  
http://www.critical.lt/research/opera_die_happy.html 

Research was originaly done by Povilas Tum&#279;nas a.k.a. N9 

P.S. To Opera Team, we like your browser and want it to be as good as possible.

Follow-Ups:
- Re: Opera 9 DoS PoC
  - From: Bruno Lustosa

Prev by Date: Bypassing of web filters by using ASCII
Next by Date: Re: display.cgi
Previous by thread: Re: Bypassing of web filters by using ASCII
Next by thread: Re: Opera 9 DoS PoC
Index(es):
- Date
- Thread