|
|
>> Opera Web Browser Background Style URI Handling Remote Memory Corruption Vulnerability
|
Title : Opera Web Browser Background Style URI Handling Remote Memory Corruption Vulnerability
VUPEN ID : VUPEN/ADV-2006-2987
CVE ID : CVE-2006-3945
Rated as : Low Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-26
|
A vulnerability has been identified in Opera, which could be exploited by remote attackers to cause a denial of service. This flaw is due to a memory corruption error when setting the CSS "background" property of a DHTML element to an overly long URL (e.g. HTTP or HTTPS), which could be exploited by attackers to cause a denial of service by convincing a user to visit a specially crafted Web page.
Affected Products
Opera version 9
Solution
Upgrade to Opera version 9.01 :
http://www.opera.com/download/
References
http://www.vupen.com/english/advisories/2006/2987
http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html
Credits
Vulnerability reported by H.D. Moore
ChangeLog
2006-07-26 : Initial release
2006-07-26 : Updated Advisory
2006-08-02 : Updated Solution
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
