lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <449C5949.2842.153D424B@lsaplai_list.shaw.ca>
Date: Fri, 23 Jun 2006 21:12:41 -0700
From: Laurent <lsaplai_list@...w.ca>
To: bugtraq@...urityfocus.com
Subject: Re: Opera 9 DoS PoC


On 22 Jun 2006 at 10:36, Darren Clarke wrote:

> Tested and confirmed on Opera 9.00 built 8482.
> Interesting this also managed to crash Notepad.exe on Windows XP SP2
> Home Edition when viewing the source of the page in IE7 Beta 2.
> 

Discussed here http://my.opera.com/community/forums/topic.dml?id=144635 on the Opera 
Security forum. This seems to be more of a crash bug than a DoS and doesn't seem to be 
exploitable to execute any code (according to Opera people).

Crashing Notepad? Whouaou! how can that be?

Cheers!

> Darren Clarke
> IT / Comms Admin
> 
> ---------------------------------------------------------------------
> Critical Security advisory #009 [http://www.critical.lt]
> Advisory can be reached: http://www.critical.lt/?vuln/349
> 
> We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
> Shouts to Lithuanian girlz! and our friends ;]
> 
> Product: Opera 9 (8.x is immune to this)
> Vuln type: Denial of Service
> Risk: moderated
> Attack type: Remote
> 
> Details:
> 
> Vulnerability can be exploited by using a large value in a href tag to
> create an out-of-bounds memory access.
> 
> Proof Of Concept DoS exploit:
> http://www.critical.lt/research/opera_die_happy.html
> 
> Research was originaly done by Povilas Tum&#279;nas a.k.a. N9
> 
> P.S. To Opera Team, we like your browser and want it to be as good as possible.
> 




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ