Opera Web Browser Content-Length Header Buffer Overflow Vulnerability

Overview

» IDS/IPS Signatures

Security Sites

iPolicy Networks Security Advisory


Date Discovered:	04/13/2010
Severity:	High
Application Affected:	Opera Software Opera Web Browser 10.50 Opera Software Opera Web Browser 10.10 Opera Software Opera Web Browser 10.1 Opera Software Opera Web Browser 10.01 Opera Software Opera Web Browser 10
Type:	Remote
Identifiers:	CVE-2010-1349

Synopsis

Opera web browser is prone to buffer overflow vulnerability which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a web page hosted on a malicious web server.

Recommended Actions

Update the patches as guided by vendor at :
http://www.opera.com/browser/download/

Threat Analysis

Opera is a web browser and Internet suite developed by the Opera Software company. Opera Web Browser version 10.50 and earlier are reported prone to buffer overflow vulnerability.

This issue is due to processing HTTP request with malformed HTTP "Content-Length:" headers. Successfully exploiting of this vulnerability could allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will likely cause denial-of-service conditions.

References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1349

Write-up by: Anupam Kumar