|
Critical Security advisory #009 [http://www.critical.lt] =0D
Advisory can be reached: http://www.critical.lt/?vuln/349 =0D
=0D
We are: N9, bigb0u, cybergoth, iglOo, mircia, Povilas =0D
Shouts to Lithuanian girlz! and our friends ;] =0D
=0D
Product: Opera 9 (8.x is immune to this) =0D
Vuln type: Denial of Service =0D
Risk: moderated =0D
Attack type: Remote =0D
=0D
Details: =0D
=0D
Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access. =0D
=0D
Proof Of Concept DoS exploit: =0D
http://www.critical.lt/research/opera_die_happy.html =0D
=0D
Research was originaly done by Povilas Tumėnas a.k.a. N9 =0D
=0D
P.S. To Opera Team, we like your browser and want it to be as good as possible. =0D