Re: Opera 9 DoS PoC
On 22 Jun 2006 at 10:36, Darren Clarke wrote:
> Tested and confirmed on Opera 9.00 built 8482.
> Interesting this also managed to crash Notepad.exe on Windows XP SP2
> Home Edition when viewing the source of the page in IE7 Beta 2.
>
Discussed here http://my.opera.com/community/forums/topic.dml?id=144635 on the
Opera
Security forum. This seems to be more of a crash bug than a DoS and doesn't
seem to be
exploitable to execute any code (according to Opera people).
Crashing Notepad? Whouaou! how can that be?
Cheers!
> Darren Clarke
> IT / Comms Admin
>
> ---------------------------------------------------------------------
> Critical Security advisory #009 [http://www.critical.lt]
> Advisory can be reached: http://www.critical.lt/?vuln/349
>
> We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
> Shouts to Lithuanian girlz! and our friends ;]
>
> Product: Opera 9 (8.x is immune to this)
> Vuln type: Denial of Service
> Risk: moderated
> Attack type: Remote
>
> Details:
>
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
>
> Proof Of Concept DoS exploit:
> http://www.critical.lt/research/opera_die_happy.html
>
> Research was originaly done by Povilas Tumėnas a.k.a. N9
>
> P.S. To Opera Team, we like your browser and want it to be as good as
> possible.
>