Opera: Two remote code execution vulnerabilities

Background Opera is a multi-platform web browser. Description Christoph Deal discovered that JPEG files with a specially crafted DHT marker can be exploited to cause a heap overflow. Furthermore, an anonymous person discovered that Opera does not correctly handle objects passed to the...

Opera <= 9.10 JPG Image DHT Marker Heap Corruption Vulnerabilities

No description provided by source. Opera JPEG processing - Heap corruption vulnerabilities ======================================================= Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release...

Design/Logic Flaw

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be...

Heap overflow

Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table DHT marker...

CVE-2007-0126

Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table DHT marker...

CVE-2007-0127

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be...

CVE-2007-0127

CVE-2007-0127 affects Opera before 9.10, where the Javascript SVG support fails to validate object types in a createSVGTransformFromMatrix request. This can allow remote attackers to execute arbitrary code via JavaScript that uses an invalid object, causing a controlled pointer to be referenced d...

CVE-2007-0126

Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table DHT marker...

CVE-2007-0126

CVE-2007-0126 concerns Opera 9.02 where a heap-based overflow in processing a JPEG Define Huffman Table (DHT) marker can allow remote code execution. Connected advisories alsoreference CVE-2007-0127 related to a typecasting issue in Opera’s SVG handling. Mitigation documented in GLSA 200701-08 an...

EUVD-2007-0131

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be...

CVE-2007-0127

The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be...

Opera browser multiple security vulnerabilities

Memory corruption on JPEG parsing, function call via user-controlled pointer...

Opera JPEG processing - Heap corruption vulnerabilities

Opera JPEG processing - Heap corruption vulnerabilities ======================================================= Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457...

Opera < 9.10 Multiple Vulnerabilities

Binary data 3878.prm...

Opera Web浏览器JPEG图形DHT标记堆溢出漏洞

Opera是一款流行的WEB浏览器，支持多种平台。 Opera没有正确地处理JPEG文件头中的DHT标记，远程攻击者可能利用此漏洞控制用户机器。 如果DHT标记中包含有无效的索引字节数的话，攻击者就可以触发堆溢出，导致执行任意指令。 Opera Software Opera 9.02 Opera Software -------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.opera.com...

Opera Web浏览器createSVGTransformFromMatrix对象代码执行漏洞

Opera是一款流行的WEB浏览器，支持多种平台。 Opera在实现Javascript SVG过程中存在安全漏洞，远程攻击者可能利用此漏洞控制用户机器。 在处理createSVGTransformFromMatrix请求时Opera没有正确验证传送给函数的对象类型，如果向该函数传送了不正确对象的话就能导致在试图进行虚拟函数调用时使用用户控制的指针，在用户机器上执行任意代码。 Opera Software Opera 9.02 临时解决方法： 在浏览器中禁用JavaScript。 厂商补丁： Opera Software --------------...

Opera 9.10 - .jpg Image DHT Marker Heap Corruption

Opera 9.10 - .jpg Image DHT Marker Heap Corruption Opera JPEG processing - Heap corruption vulnerabilities ======================================================= Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release...

FreeBSD : opera -- multiple vulnerabilities (78ad2525-9d0c-11db-a5f6-000c6ec775d9)

iDefense reports : The vulnerability specifically exists due to Opera improperly processing a JPEG DHT marker. The DHT marker is used to define a Huffman Table which is used for decoding the image data. An invalid number of index bytes in the DHT marker will trigger a heap overflow with partially...

Opera 9.10 - &#039;.jpg&#039; Image DHT Marker Heap Corruption

Opera JPEG processing - Heap corruption vulnerabilities ======================================================= Date..: 8th September 2006 31th October 2006 update 3rd November 2006 update 5th January 2007 public release http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457...

Opera <= 9.10 JPG Image DHT Marker Heap Corruption Vulnerabilities

Exploit for multiple platform in category dos / poc ================================================================== Opera = 9.10 JPG Image DHT Marker Heap Corruption Vulnerabilities ================================================================== Opera JPEG processing - Heap corruption...