| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <46713.80.58.4.235.1049765966.squirrel@www.vsantivirus.com> From: conde0 at telefonica.net (David F.Madrid) Subject: Unchecked Buffer in Opera 7.02 Tested version : Opera 7.02 Build 2668 Vendor Status : Vendor was contacted on 8-4-2003 Description : Opera web browser has an unchecked buffer in his code that allow a malicious website to crash it and in certain circumstances , execute code with user priviliges . To reproduce the bug open this link http://usuarios.lycos.es/idoru/aaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zip Opera crashes with an access violation . Instruction pointer EIP is overwritten by the file name converted to unicode . That makes only possible to reference certain addresses in memory to execute . To place your code to execute in a valid address you have to assign it to an enviroment variable .That place your code in an address that can be referenced by EIP ( ~00010040 ) -- Regards , David F.Madrid Madrid , Spain
Powered by blists - more mailing lists