Seems that browser vulnerabilities are basically the new “black”. Everyone has to have one. In this case however, no one really wants one. With the obvious exception being the nefarious furry-toothed set. Here is a new one for the Opera browser that was released yesterday. Sadly I’m a bit off my game being sick/missing my vacation.
Secunia: “Description:
A vulnerability has been reported in Opera Web Browser, which can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to a boundary error when processing overly long URLs. This can be exploited to cause a heap-based buffer overflow by passing an overly long URL (more than 256 bytes) in a tag.
Successful exploitation allows execution of arbitrary code when a user visits a malicious website.
The vulnerability is reported in versions 9.0 and 9.01 on Windows and Linux. Version 8.x is reportedly not affected.
Solution:
Update to version 9.02.
Provided and/or discovered by:
Discovered by an anonymous person and reported via iDefense Labs.
Original Advisory:
Opera Software:
http://www.opera.com/support/search/supsearch.dml?index=848
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=424 ”
[tags]Opera Browser, Browser Vulnerability, Buffer Overflow, Remote Exploit[/tags]
