Re: Opera 9 DoS PoC

[Laurent <lsaplai_list@xxxxxxx>]

On 22 Jun 2006 at 10:36, Darren Clarke wrote:

> Tested and confirmed on Opera 9.00 built 8482.
> Interesting this also managed to crash Notepad.exe on Windows XP SP2
> Home Edition when viewing the source of the page in IE7 Beta 2.
> 

Discussed here http://my.opera.com/community/forums/topic.dml?id=144635 on the 
Opera 
Security forum. This seems to be more of a crash bug than a DoS and doesn't 
seem to be 
exploitable to execute any code (according to Opera people).

Crashing Notepad? Whouaou! how can that be?

Cheers!

> Darren Clarke
> IT / Comms Admin
> 
> ---------------------------------------------------------------------
> Critical Security advisory #009 [http://www.critical.lt]
> Advisory can be reached: http://www.critical.lt/?vuln/349
> 
> We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
> Shouts to Lithuanian girlz! and our friends ;]
> 
> Product: Opera 9 (8.x is immune to this)
> Vuln type: Denial of Service
> Risk: moderated
> Attack type: Remote
> 
> Details:
> 
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
> 
> Proof Of Concept DoS exploit:
> http://www.critical.lt/research/opera_die_happy.html
> 
> Research was originaly done by Povilas Tumėnas a.k.a. N9
> 
> P.S. To Opera Team, we like your browser and want it to be as good as 
> possible.
>