-
March 5th, 2010, 09:26 PM
#1
*HEADS UP* - Opera Unpatched Vulnerability - Affects 10.50
Several mailing lists reporting publicly available exploits for Opera 10.50 for Windows and below. There actually seems to be at least two different vulnerabilities, both unpatched at this time. One of them seems to be a DoS resulting in a browser crash, but the other looks like it will allow full code execution. The vulnerability finders seem to indicate that these issues are known to exist in previous versions of the Opera also. These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being.
http://secunia.com/advisories/38820/
http://www.vupen.com/english/advisories/2010/0529
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
March 6th, 2010, 03:24 AM
#2
These are fairly serious and until Opera patches them, you may be well advised to stop using them for the time being.
Do you mean stop using Opera as a whole, or are there extensions/plugins that are affected?
\"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"
-HST
-
March 6th, 2010, 04:46 AM
#3
Right click "Run as..." then select a guest account. Problem solved.
-
March 6th, 2010, 09:41 AM
#4
Opera doesn't have plugins (add-on's) like firefox. What spec has said will work however you can also use "dropmyrights" - http://nonadmin.editme.com/DropMyRights
Microsoft used to recommend it while back but i dont see it anymore on Microsoft site or blogs. I use it on Vista and it works well..
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
March 6th, 2010, 10:53 AM
#5
Junior Member
Opera claims the exploit is not exploitable. http://twitter.com/opvard/status/10022205189
-xqus
-"I don't need no stinking spel checkre!"
-
March 6th, 2010, 02:29 PM
#6
In other words they couldn't reproduce it and tried contacting the person who posted it but got no response. Meanwhile, for all we know, it was off by one byte or DEP caught it.
-
March 11th, 2010, 04:46 AM
#7
Originally Posted by xqus
they're now backpeddling like usual and unfortunatly it was real.
http://www.computerworld.com/s/artic...ource=rss_news
The flaw, which Danish bug tracking vendor Secunia rated as " highly critical," the second-highest ranking in its five-step scoring system, can be exploited by attackers to corrupt memory, crash Opera and theoretically execute attack code. According to the researcher who posted proof-of-concept attack code on the Web last week, the bug affects Opera 10, including the newest version, Opera 10.50, which shipped last week.
Opera contested Secunia's initial report of the vulnerability, claiming that the bug is not a security problem because attackers would be able to only crash the browser, not gain control of a PC. However, after prompting from Secunia and further investigation, Opera conceded that the flaw might be exploitable.
they don't want to admit it...
-
March 11th, 2010, 02:57 PM
#8
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Similar Threads
-
By therenegade in forum Web Security
Replies: 13
Last Post: April 1st, 2005, 09:03 AM
-
By SDK in forum Miscellaneous Security Discussions
Replies: 0
Last Post: May 14th, 2004, 01:08 PM
-
By Szafran in forum Miscellaneous Security Discussions
Replies: 1
Last Post: September 7th, 2003, 09:41 PM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 0
Last Post: January 28th, 2003, 09:12 PM
-
By E5C4P3 in forum Product / Book / Training / Conference Reviews
Replies: 2
Last Post: March 3rd, 2002, 03:24 PM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|