Opera exploits publicly available
FYI...
Opera exploits publicly available...
- http://isc.sans.org/diary.html?storyid=8356
Last Updated: 2010-03-05 16:03:04 UTC - "Several mailing lists and readers... are reporting publicly available exploits for Opera 10.50 for Windows and below. There actually seems to be at least two different vulnerabilities, both unpatched at this time. One of them seems to be a DoS resulting in a browser crash, but the other looks like it will allow full code execution. The vulnerability finders seem to indicate that these issues are known to exist in previous versions of the Opera also. These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being."
http://secunia.com/advisories/38820/
http://www.vupen.com/english/advisories/2010/0529
UPDATE: http://secunia.com/advisories/38820/
Comment at bottom of secunia URL...
On its forums, Opera is claiming that the vulnerability is not exploitable and that the report is invalid...
- http://my.opera.com/community/forums/topic.dml?id=442431
"... haavard - Moderator:
Friday, 5. March 2010, 17:41:26 (edited)
... This doesn't seem to be exploitable after being looked into. It might crash, but is there a proof of concept which executes code?"
- http://www.theregister.co.uk/2010/03/05/opera_vulnerability/
5 March 2010 - "A security vulnerability identified in Opera can be exploited to crash users' browsers, but probably can't lead to the remote execution of malware... "We believe that the bug primarily causes a crash, and that exploiting the vulnerability to execute code is extremely difficult, if not impossible," spokesman Thomas Ford told The Register. He went on to say that users should be sure to enable a security feature known as DEP, or data execution prevention. "In our testing, DEP mitigates the problem and should protect the system," he said... DEP isn't always turned on by default... Opera is in the process of pushing out an update that patches the bug."
:fear::fear:
FYI...
Opera exploits publicly available...
- http://isc.sans.org/diary.html?storyid=8356
Last Updated: 2010-03-05 16:03:04 UTC - "Several mailing lists and readers... are reporting publicly available exploits for Opera 10.50 for Windows and below. There actually seems to be at least two different vulnerabilities, both unpatched at this time. One of them seems to be a DoS resulting in a browser crash, but the other looks like it will allow full code execution. The vulnerability finders seem to indicate that these issues are known to exist in previous versions of the Opera also. These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being."
http://secunia.com/advisories/38820/
http://www.vupen.com/english/advisories/2010/0529
UPDATE: http://secunia.com/advisories/38820/
Comment at bottom of secunia URL...
On its forums, Opera is claiming that the vulnerability is not exploitable and that the report is invalid...
- http://my.opera.com/community/forums/topic.dml?id=442431
"... haavard - Moderator:
Friday, 5. March 2010, 17:41:26 (edited)
... This doesn't seem to be exploitable after being looked into. It might crash, but is there a proof of concept which executes code?"
- http://www.theregister.co.uk/2010/03/05/opera_vulnerability/
5 March 2010 - "A security vulnerability identified in Opera can be exploited to crash users' browsers, but probably can't lead to the remote execution of malware... "We believe that the bug primarily causes a crash, and that exploiting the vulnerability to execute code is extremely difficult, if not impossible," spokesman Thomas Ford told The Register. He went on to say that users should be sure to enable a security feature known as DEP, or data execution prevention. "In our testing, DEP mitigates the problem and should protect the system," he said... DEP isn't always turned on by default... Opera is in the process of pushing out an update that patches the bug."
:fear::fear:
Last edited: