Tested version : Opera 7.02 Build 2668 Vendor Status : Vendor was contacted on 8-4-2003 Description : Opera web browser has an unchecked buffer in his code that allow a malicious website to crash it and in certain circumstances , execute code with user priviliges . To reproduce the bug open this link http://usuarios.lycos.es/idoru/aaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zip Opera crashes with an access violation . Instruction pointer EIP is overwritten by the file name converted to unicode . That makes only possible to reference certain addresses in memory to execute . To place your code to execute in a valid address you have to assign it to an enviroment variable .That place your code in an address that can be referenced by EIP ( ~00010040 ) -- Regards , David F. Madrid Madrid , Spain
This archive was generated by hypermail 2b30 : Tue Apr 08 2003 - 08:18:10 PDT