Saturday, January 22, 2011

Critical vulnerability found in Opera browser

A critical vulnerability has been found in Opera browser by security researcher Jordi Chancel. The vulnerability can be used by an attacker to execute arbitrary code on vulnerable machines.The bug affects the latest version of Opera running on Windows 7, as well as Windows XP SP3. The vulnerability was confirmed and released by a French Security firm VUPEN.  The vulnerability exist in the current release of Opera i.e. 11.0 0 as well as in the previous release 10.63 and others.

VUPEN said in its advisory that this issue is caused by an integer truncation error within the Opera Internet Browser module “opera.dll” when handling a HTML “select” element containing an overly large number of children, which could allow remote attackers to execute arbitrary code by convincing a user to visit a specially crafted web page.
Jordi Chancel at his blog, describes that the bug gives clear evidence of memory corruption despite the fact that its operation could be quite complicated to make.It is also noteworthy that this crash is possible only through means of a minimal interaction from the user (like clicking on the desired item).

Piece of exploit code for the vulnerability:

He has also added a crash video at youtube . The security community is eagerly waiting for the public release of this vulnerability. It seems that the exploit code will only be release, once opera patches this vulnerability.

No comments:

Post a Comment