Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Unpatched Opera 10.50 and below code execution vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Unpatched Opera 10.50 and below code execution vulnerability

Several mailing lists and readers (Juha-Matti) are reporting publicly available exploits for Opera 10.50 for Windows and below.  There actually seems to be at least two different vulnerabilities, both unpatched at this time.  One of them seems to be a DoS resulting in a browser crash, but the other looks like it will allow full code execution.  The vulnerability finders seem to indicate that these issues are known to exist in previous versions of the Opera also.  These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being.


-Kyle Haugsness


112 Posts
Mar 5th 2010 doesn't seem exploitable. Looking at Marcin's PoC(on SecurityFocus), you can write arbitrarily(EDI, which is bad), but IT SEEMS you can't control whats written(ESI).

Sign Up for Free or Log In to start participating in the conversation!