| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 23 Jun 2006 21:12:41 -0700 From: Laurent <lsaplai_list@...w.ca> To: bugtraq@...urityfocus.com Subject: Re: Opera 9 DoS PoC On 22 Jun 2006 at 10:36, Darren Clarke wrote: > Tested and confirmed on Opera 9.00 built 8482. > Interesting this also managed to crash Notepad.exe on Windows XP SP2 > Home Edition when viewing the source of the page in IE7 Beta 2. > Discussed here http://my.opera.com/community/forums/topic.dml?id=144635 on the Opera Security forum. This seems to be more of a crash bug than a DoS and doesn't seem to be exploitable to execute any code (according to Opera people). Crashing Notepad? Whouaou! how can that be? Cheers! > Darren Clarke > IT / Comms Admin > > --------------------------------------------------------------------- > Critical Security advisory #009 [http://www.critical.lt] > Advisory can be reached: http://www.critical.lt/?vuln/349 > > We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas > Shouts to Lithuanian girlz! and our friends ;] > > Product: Opera 9 (8.x is immune to this) > Vuln type: Denial of Service > Risk: moderated > Attack type: Remote > > Details: > > Vulnerability can be exploited by using a large value in a href tag to > create an out-of-bounds memory access. > > Proof Of Concept DoS exploit: > http://www.critical.lt/research/opera_die_happy.html > > Research was originaly done by Povilas Tumėnas a.k.a. N9 > > P.S. To Opera Team, we like your browser and want it to be as good as possible. >
Powered by blists - more mailing lists