The same happens on my machine (Win2000 Server, Opera 5.12). Closes all windows and is terminated without any notification. When I relaunch Opera I'm asked how to start because the last session was terminated abnormally.

Michael Erl

> -----Original Message-----
> From: Holmes, Ben [mailto:Ben.Holmesat_private]
> Sent: Tuesday, October 23, 2001 10:53 AM
> To: Vuln-Dev (E-mail)
> Subject: Opera Browser goes Crash
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I usually use Opera browser (it truly is a fast browser), and it just closed
> when I went to a link...
>
> The link was "http://www.malware.com/hello.html"
>
> In Netscape, it is supposed to play a sound file...
>
> In I.E it just comes up and allows to view source.
>
> The source is basically a small JavaScript part (and that should work fine),
> but the other part is a large embedded sound file.. it is in this form:
>
> '<embed src="data:audio/wav;base64,[Base 64 data of a sound file]"
> autostart=true width=0 height=0 loop=true>' tag.
>
> It didn't seem to give an error message or anything.. if it was overflowing
> a buffer I'd usually expect that it would generate a windows error message
> when it gets random junk like this... But it just closes.. completely and
> gracefully... but it closes nevertheless..
>
> I am thinking:
>
> A> It is a configuration problem on this PC... It decodes the Base 64 (or
> goes to) but some plug in or system it uses to play the file or decode it
> that is possibly specific to this PC dies.
>
> B> The length of the embed tag is too long and overflows an internal buffer
> and jumps right to a close (either graciously, or by super good error
> checking routines)... Or something else happens that makes windows not
> notice that a program is doing wierd_funky_things (tm)
>
> C> The "embed" tag is touchy and its implementation is bad, this doesn't
> seem the case though, because if I make the [Base 64 data of a sound file]
> part much smaller, it just does the same as IE does.
>
> If it is "B"... is it exploitable in the form:
>
> '<embed src="data:audio/wav;base64,[Nasty code][Padding][address of a jmp
> esp]" autostart=true width=0 height=0 loop=true>'
>
> or some other such thing, that would cause "Nasty Code" to be run in the
> Opera process.
>
> Does it happen on anyone else's computer that runs Opera... or is this
> little currently Opera specific DoS also "this computer" specific...
>
> - -- Benjamin Holmes
>
> E&OE. All spelling and grammatical errors are for your enjoyment and
> entertainment only and are copyright Benjamin Holmes.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> Comment: Pee Gee Peeeeee!
>
> iQA/AwUBO9Uv/HLvuelW5gClEQLO5wCg+K5tXdKdWAiaEBj71BiYnks964wAoJP5
> VvPSGdUiC5c8kZ8/yhA5DZ06
> =XF0I
> -----END PGP SIGNATURE-----
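
A defender-side check for the pattern described in the quoted report, as an added example that is not part of either message: it parses HTML, finds data: URIs in plugin-loading attributes, and flags payloads that are oversized or not valid base64. The size limit, the tag list and all names in the code are assumptions of this sketch, and the sample markup is constructed.

```python
import base64
import binascii
from html.parser import HTMLParser

# Assumed policy values for this sketch; they are not taken from the thread.
MAX_DECODED_BYTES = 64 * 1024
PLUGIN_TAGS = {"embed": "src", "object": "data", "bgsound": "src"}

# Constructed sample in the shape quoted in the report (payload is zero bytes).
SAMPLE = ('<embed src="data:audio/wav;base64,%s" autostart=true width=0 height=0 '
          'loop=true>' % base64.b64encode(b"\x00" * 200_000).decode())

def parse_data_uri(uri):
    """Return (mediatype, is_base64, payload), or None if not a data: URI."""
    if not uri.lower().startswith("data:"):
        return None
    header, sep, payload = uri[5:].partition(",")
    if not sep:
        return None
    parts = [p.strip().lower() for p in header.split(";")]
    return parts[0] or "text/plain", parts[-1] == "base64", payload

class DataUriAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, mediatype, decoded_size, reasons)

    def handle_starttag(self, tag, attrs):
        wanted = PLUGIN_TAGS.get(tag)
        for name, value in attrs:
            parsed = parse_data_uri(value.strip()) if name == wanted and value else None
            if parsed is None:
                continue
            mediatype, is_b64, payload = parsed
            reasons, size = [], len(payload)
            if is_b64:
                compact = "".join(payload.split())
                try:
                    size = len(base64.b64decode(compact, validate=True))
                except (binascii.Error, ValueError):
                    size = len(compact) * 3 // 4  # estimate when decoding fails
                    reasons.append("malformed-base64")
            if size > MAX_DECODED_BYTES:
                reasons.append("oversized")
            if reasons:
                self.findings.append((tag, mediatype, size, reasons))

def audit(html):
    auditor = DataUriAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings
```
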