Long URLs Cause Security Flaw in Opera Browser

In an advisory issued this week, Opera detailed a flaw in its browser with regard to the software that handles 'long links'. The exploitation of this vulnerability could enable running malware in a victim's computer.

Explaining the vulnerability in the Opera browser, Secunia said it could be exploited to compromise a user's PC. The vulnerability is a result of a 'boundary error' while surfing 'overly long' URLs. Taking advantage of transmitting 'overly long' URL having more than 250 bytes can create a 'heap-based buffer overflow'. If the exploitation succeeds, it can let the execution of an arbitrary code through a malicious website.
In another advisory, iDefense enumerated that the flaw present within Opera activates when passing a tag through a long URL. A 'heap buffer' with a fixed size of 256 bytes is provided to save the URL. A copy of the URL is put into the buffer, which in the absence of sufficient bounds bypasses checking for its length. An attacker who successfully exploits from a remote location can execute arbitrary code using the privileges of the user logged in. If an exploitation attempt fails, it can lead to browser crashing.

The vulnerability exists in version 9.0 and 9.01 on Windows and Linux. Version 8.x remains unaffected. Opera developers consider the risk as moderate although admit of its potential crash.

'Opera Software' released 'Opera 9.02' version of the browser in September, ready for download. This new version does not contain the flaw any more. As per recommendations, users of earlier versions should update to the new version as early as possible.

'Heap overflows' are the cause of nearly 50 percent of the critical security loopholes. Like the previous 'stack-based buffer overflow', attackers can exploit this error to inject and run any code they desire. The error can convert even image files into dangerous 'Trojan horses'.

Since the past two years, browsers have been the major targets of online attack. This trend has been escaped by Opera since long. The 'zero-day' attacks have hit Microsoft's Internet Explorer by using the then unknown browser flaws. Opera users are urgently advised to upgrade to the recent version of the browser.

Related article: Long Delays in Emails Are Really Due to Spam

» SPAMfighter News - 25-10-2006

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next