Unpatched Opera 10.50 and below code execution vulnerability

Published: 2010-03-05. Last Updated: 2010-03-05 16:03:04 UTC
by Kyle Haugsness (Version: 1)
1 comment(s)

Several mailing lists and readers (Juha-Matti) are reporting publicly available exploits for Opera 10.50 for Windows and below.  There actually seems to be at least two different vulnerabilities, both unpatched at this time.  One of them seems to be a DoS resulting in a browser crash, but the other looks like it will allow full code execution.  The vulnerability finders seem to indicate that these issues are known to exist in previous versions of the Opera also.  These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being.

http://secunia.com/advisories/38820/

http://www.vupen.com/english/advisories/2010/0529

 

-Kyle Haugsness

Keywords: opera
1 comment(s)

Comments

http://secunia.com/advisories/38820/ doesn't seem exploitable. Looking at Marcin's PoC(on SecurityFocus), you can write arbitrarily(EDI, which is bad), but IT SEEMS you can't control whats written(ESI).

Diary Archives