Softpedia
 


January 24th, 2011, 15:48 GMT · By

Opera Hit by Critical 0-Day Vulnerability


Opera 11.0 and 10.63 are vulnerable to an unpatched remote code execution vulnerability
The latest version of the Opera browser is affected by a publicly disclosed vulnerability that allows potential attackers to execute arbitrary code remotely.

The flaw was discovered by French security researcher Jordi Chancel who disclosed it on his blog on January 7 and described it as an integer truncation error.

Mr. Chancel noted at the time that even though the crashes are easy to replicate, the address of the memory violation is unpredictable, making exploitation a lot more complicated.

However, on Friday, French vulnerability research vendor VUPEN Security announced that its researchers managed to develop a reliable arbitrary code execution exploit for the vulnerability.

"This issue is caused by an integer truncation error within the Opera Internet Browser module 'opera.dll' when handling a HTML 'select' element containing an overly large number of children," VUPEN writes in its advisory.

The flaw has been confirmed in Opera 11.0 and 10.63 on both Windows 7 and XP, and can be exploited remotely by tricking users into visiting a specially crafted Web page.
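
The bug class VUPEN names, integer truncation, shown next to a checked form as an added C example; it is not Opera's code and not part of the original article. The 16-bit field width and all function names are assumptions chosen for illustration, since the advisory does not give them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical parser step: the number of children is kept in a 16-bit
 * field. The narrowing cast is the bug class; the width is an assumption,
 * not a detail taken from opera.dll. */
size_t slots_truncating(size_t child_count)
{
    uint16_t stored = (uint16_t)child_count;   /* high bits silently dropped */
    return (size_t)stored;
}

/* How many children would not fit in the capacity reserved from the
 * truncated count. Non-zero means later code trusts a size that is wrong. */
size_t overrun(size_t child_count)
{
    size_t reserved = slots_truncating(child_count);
    return child_count > reserved ? child_count - reserved : 0;
}

/* Hardened form: validate the range before narrowing and fail closed.
 * Returns 0 on success, -1 if the value cannot be represented. */
int slots_checked(size_t child_count, uint16_t *out)
{
    if (child_count > UINT16_MAX)
        return -1;
    *out = (uint16_t)child_count;
    return 0;
}

int main(void)
{
    /* Constructed sample counts: one ordinary, one past the 16-bit limit. */
    size_t samples[] = { 100, 65536u + 10u };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t v = 0;
        int rc = slots_checked(samples[i], &v);
        printf("count=%zu truncated=%zu overrun=%zu checked=%s\n",
               samples[i], slots_truncating(samples[i]),
               overrun(samples[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Compilers can flag the narrowing cast at build time (for example with `-Wconversion` in GCC and Clang), which catches this pattern before it ships.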

Fortunately, for the time being there is no public proof-of-concept exploit. VUPEN keeps its attack code private and only shares it with its customers, which include governments and corporations, so they can assess the risk and protect themselves accordingly.

There is currently no patch available from the vendor and no estimate of how quickly it will react to the disclosure. No CVE ID has been assigned to the vulnerability either.

According to the latest Security Factsheet published by Danish vulnerability intelligence vendor Secunia, last year Opera registered four times more vulnerabilities that had no patch at advisory disclosure time than in the preceding twelve months.

The latest stable version of the browser is 11.0 and was released on December 17th. However, the Opera desktop team is also putting out frequent snapshots, the last of which is 11.01 Build 1179 Beta.

Update January 24, 2011: Updated to correct an instance where Mr. Jordi Chancel's name was misspelled.

READER COMMENTS:


Comment #1 by: Jordi Chancel on 25 Jan 2011, 06:11 UTC

My name is Jordi CHANCEL ... not Chacel

Comment #1.1 by: Lucian Constantin on 25 Jan 2011, 08:02 GMT

Please accept my apologies for that error. I have corrected it.
