A vulnerability has been identified in Opera, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing malformed HTTP "Content-Length:" headers, which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a web page hosted on a malicious web server.

VUPEN confirmed the vulnerability with Opera version 10.50 on Windows XP SP3.

An error related to the processing of certain XSLT constructs could allow a malicious web page to retrieve contents from arbitrary web sites.

Affected Products

Opera version 10.50 and prior

Solution

Upgrade to Opera version 10.51 :
http://www.opera.com/browser/download/

References

http://www.vupen.com/english/advisories/2010/0529
http://www.opera.com/docs/changelogs/windows/1051
http://www.opera.com/support/search/view/948/
http://www.opera.com/support/search/view/949/

In-depth Binary Analysis

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Private Exploit or PoC

Available in customer area as part of VUPEN Binary Analysis & Exploits Service and VUPEN Vulnerability Notification Service Ultimate Feed Edition.
 

Public Exploit or PoC

Available in customer area as part of VUPEN Vulnerability Notification Service.
 

Credits

Vulnerability reported by Marcin Ressel (~echo) and crazypops.

Changelog

2010-03-04 : Initial release
2010-03-22 : Updated Solution

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.