On 22 Jun 2006 at 10:36, Darren Clarke wrote: > Tested and confirmed on Opera 9.00 built 8482. > Interesting this also managed to crash Notepad.exe on Windows XP SP2 > Home Edition when viewing the source of the page in IE7 Beta 2. > Discussed here http://my.opera.com/community/forums/topic.dml?id=144635 on the Opera Security forum. This seems to be more of a crash bug than a DoS and doesn't seem to be exploitable to execute any code (according to Opera people). Crashing Notepad? Whouaou! how can that be? Cheers! > Darren Clarke > IT / Comms Admin > > --------------------------------------------------------------------- > Critical Security advisory #009 [http://www.critical.lt] > Advisory can be reached: http://www.critical.lt/?vuln/349 > > We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas > Shouts to Lithuanian girlz! and our friends ;] > > Product: Opera 9 (8.x is immune to this) > Vuln type: Denial of Service > Risk: moderated > Attack type: Remote > > Details: > > Vulnerability can be exploited by using a large value in a href tag to > create an out-of-bounds memory access. > > Proof Of Concept DoS exploit: > http://www.critical.lt/research/opera_die_happy.html > > Research was originaly done by Povilas Tumėnas a.k.a. N9 > > P.S. To Opera Team, we like your browser and want it to be as good as possible. >
