
Thread: *HEADS UP* - Opera Unpatched Vulnerability - Affects 10.50

  1. #1

    *HEADS UP* - Opera Unpatched Vulnerability - Affects 10.50

    Several mailing lists are reporting publicly available exploits for Opera 10.50 for Windows and below. There actually seem to be at least two different vulnerabilities, both unpatched at this time. One of them seems to be a DoS resulting in a browser crash, but the other looks like it will allow full code execution. The vulnerability finders seem to indicate that these issues are known to exist in previous versions of Opera also. These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being.


    http://secunia.com/advisories/38820/

    http://www.vupen.com/english/advisories/2010/0529
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Gonzo District BOFH westin
    These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being.



    Do you mean stop using Opera as a whole, or are there extensions/plugins that are affected?
    "Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

    -HST

  3. #3
    Right click "Run as..." then select a guest account. Problem solved.

  4. #4
    Opera doesn't have plugins (add-ons) like Firefox. What spec has said will work; however, you can also use "dropmyrights" - http://nonadmin.editme.com/DropMyRights

    Microsoft used to recommend it a while back, but I don't see it anymore on the Microsoft site or blogs. I use it on Vista and it works well.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

  5. #5
    Junior Member xqus
    Opera claims the exploit is not exploitable. http://twitter.com/opvard/status/10022205189
    -xqus
    -"I don't need no stinking spel checkre!"

  6. #6
    In other words they couldn't reproduce it and tried contacting the person who posted it but got no response. Meanwhile, for all we know, it was off by one byte or DEP caught it.

  7. #7
    HYBR|D
    Guest
    Quote: Originally Posted by xqus
    Opera claims the exploit is not exploitable. http://twitter.com/opvard/status/10022205189

    They're now backpedaling like usual, and unfortunately it was real.
    http://www.computerworld.com/s/artic...ource=rss_news

    The flaw, which Danish bug tracking vendor Secunia rated as "highly critical," the second-highest ranking in its five-step scoring system, can be exploited by attackers to corrupt memory, crash Opera and theoretically execute attack code. According to the researcher who posted proof-of-concept attack code on the Web last week, the bug affects Opera 10, including the newest version, Opera 10.50, which shipped last week.
    Opera contested Secunia's initial report of the vulnerability, claiming that the bug is not a security problem because attackers would be able to only crash the browser, not gain control of a PC. However, after prompting from Secunia and further investigation, Opera conceded that the flaw might be exploitable.

    they don't want to admit it...

  8. #8
    Ouch it is!
    Parth Maniar,
    CISSP, CISM, CISA, SSCP