David Baxter PhD
Late Founder
Critical Bug Found in Opera Browser
by Dennis Fisher, Threatpost.com
January 21, 2011
There is a critical vulnerability in the Opera browser that could be used by an attacker to execute arbitrary code on vulnerable machines. The bug affects the latest version of Opera running on Windows 7, as well as Windows XP SP3.
The vulnerability surfaced Friday and it has been confirmed by researchers at VUPEN, a French security firm. The remote bug exists in version 11.00, which is the current release of Opera, as well as version 10.63 and earlier releases.
"A vulnerability has been identified in Opera, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by an integer truncation error within the Opera Internet Browser module "opera.dll" when handling a HTML "select" element containing an overly large number of children, which could allow remote attackers to execute arbitrary code by convincing a user to visit a specially crafted web page," VUPEN said in its advisory. "VUPEN has confirmed this vulnerability with Opera versions 11.00 and 10.63 on Windows 7 and Windows XP SP3."
There is no patch available for the Opera bug at this time.
by Dennis Fisher, Threatpost.com
January 21, 2011
There is a critical vulnerability in the Opera browser that could be used by an attacker to execute arbitrary code on vulnerable machines. The bug affects the latest version of Opera running on Windows 7, as well as Windows XP SP3.
The vulnerability surfaced Friday and it has been confirmed by researchers at VUPEN, a French security firm. The remote bug exists in version 11.00, which is the current release of Opera, as well as version 10.63 and earlier releases.
"A vulnerability has been identified in Opera, which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by an integer truncation error within the Opera Internet Browser module "opera.dll" when handling a HTML "select" element containing an overly large number of children, which could allow remote attackers to execute arbitrary code by convincing a user to visit a specially crafted web page," VUPEN said in its advisory. "VUPEN has confirmed this vulnerability with Opera versions 11.00 and 10.63 on Windows 7 and Windows XP SP3."
There is no patch available for the Opera bug at this time.