<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: Opera 9 DoS PoC

Opera 9 DoS PoC

From: <N9_at_critical.lt>
Date: 21 Jun 2006 03:39:09 -0000

('binary' encoding is not supported, stored as-is) Critical Security advisory #009 [http://www.critical.lt]
Advisory can be reached: http://www.critical.lt/?vuln/349

We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
Shouts to Lithuanian girlz! and our friends ;]

Product: Opera 9 (8.x is immune to this)
Vuln type: Denial of Service
Risk: moderated
Attack type: Remote

Details:

Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access.

Proof Of Concept DoS exploit:
http://www.critical.lt/research/opera_die_happy.html

Research was originaly done by Povilas Tumėnas a.k.a. N9

P.S. To Opera Team, we like your browser and want it to be as good as possible.
Received on Jun 21 2006

This message: [ Message body ]
Next message: k.huwig_at_iku-ag.de: "Bypassing of web filters by using ASCII"
Previous message: security_at_mandriva.com: "[ MDKSA-2006:108 ] - Updated xine-lib packages fix buffer overflow vulnerabilities"
Next in thread: Darren Clarke: "Re: Opera 9 DoS PoC"
Maybe reply: Darren Clarke: "Re: Opera 9 DoS PoC"
Reply: Bruno Lustosa: "Re: Opera 9 DoS PoC"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]