,

<a href="http://news.mitosa.net" title=" , "> </a>


2 Opera

15:47 23.06.2006
Opera 1 , 1 .

1) - JPEG . JPEG .

URL : www.opera.com

: (9.0) .


http://www.vigilantminds.com/advi_detail.php?id=45

Description of Issue
An integer overflow vulnerability exists in the Opera Web Browser due to the improper handling of JPEG files.

If excessively large height and width values are specified in certain fields of a JPEG file, an integer overflow may cause Opera to allocate insufficient memory for the image. This will lead to a buffer overflow when the image is loaded into memory, which can be exploited to execute arbitrary code.

Affected Systems

* Opera 8.54 and Earlier

Potential Impact
Remote Code Execution

Remediation Action
It is recommended that users upgrade to Opera 9.00, which addresses this vulnerability. Additionally, users should exercise caution while accessing the web, and should do so from accounts with limited privileges.

2) href <a>. . :

<a href="http://aaaaaaaa...aaa

- http://www.critical.lt/research/opera_die_happy.html

: .

http://www.critical.lt/?vuln/349

We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas
Shouts to Lithuanian girlz! and our friends ;]

Product: Opera 9 (8.x is immune to this)
Vulnerability type: Out-of-bounds memory access via specially crafted HTML file
Risk: moderated
Attack type: Remote

Details:

Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access.

Solution:

Currently none.



: ixbt.com



.
Copyright 2005 MitoSa.NET