SecurityTracker.com
Category:   Application (Web Browser)  >   Opera
Vendors:   Opera Software
Opera Web Browser Can Be Crashed By Remote Users With Certain Large Scale Image Tag Size
SecurityTracker Alert ID:  1005245
SecurityTracker URL:  http://securitytracker.com/id/1005245
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Sep 18 2002
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 6.01
Description:   A denial of service vulnerability was reported in the Opera web browser. A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.

It is reported that a remote user can create HTML with large image tag width and height values so that when the HTML is loaded by a target user, the target user's Opera browser will crash.

A demonstration exploit tag is provided:

<img src="blank.gif" width=32759 height=132750>

In the above example, the file 'blank.gif' must be a valid image.

This flaw is reported as a buffer overflow. The possibility of remote code execution is not addressed in the report.

The vendor has reportedly been notified.
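
With no vendor fix available, one defensive check is to flag image tags with extreme dimensions before the content reaches a browser. The following is an added example, not part of the original advisory; the 16384-pixel ceiling and the names `pixel_value`, `OversizedImageFinder` and `find_oversized_images` are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumed local ceiling; the advisory gives one crashing pair, not a threshold.
MAX_DIMENSION = 16384
_PIXELS = re.compile(r"^\s*(\d+)\s*(?:px)?\s*$", re.IGNORECASE)


def pixel_value(raw):
    """Return an attribute as an integer pixel count; None for %, empty, junk."""
    match = _PIXELS.match(raw or "")
    return int(match.group(1)) if match else None


class OversizedImageFinder(HTMLParser):
    """Collects <img> tags whose width or height exceeds the limit."""
    def __init__(self, limit):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []  # tuples of (line, attribute, value, src)

    def handle_starttag(self, tag, attrs):
        # Names arrive lowercased and unquoted; <img ... /> is routed here too.
        if tag != "img":
            return
        attr_map = dict(attrs)
        for name in ("width", "height"):
            value = pixel_value(attr_map.get(name))
            if value is not None and value > self.limit:
                line, _ = self.getpos()
                self.findings.append((line, name, value, attr_map.get("src")))


def find_oversized_images(html, limit=MAX_DIMENSION):
    finder = OversizedImageFinder(limit)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: the advisory's tag next to benign variants.
SAMPLE = """<html><body>
<img src="logo.gif" width="120" height="60">
<img src="blank.gif" width=32759 height=132750>
<IMG SRC="wide.gif" WIDTH="100%" HEIGHT='20000px' />
</body></html>"""

if __name__ == "__main__":
    for line, attr, value, src in find_oversized_images(SAMPLE):
        print(f"line {line}: img src={src!r} has {attr}={value}")
```

Percentage and non-numeric values are skipped rather than flagged, so the check only reports explicit pixel counts above the chosen limit.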

Impact:   A remote user can cause the Opera browser to crash when loading specially crafted HTML.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.opera.com/
Cause:   Boundary error, Exception handling error
Underlying OS:  BeOS, Linux (Any), Apple (Legacy "classic" Mac), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)
Underlying OS Comments:  Linux is affected; other operating systems were not tested

Message History:   None.


 Source Message Contents

Subject:  Bug in Opera and Konqueror


--------------Boundary-00=_QVOHZ77APHFQVSCVIE7Y
Content-Type: text/plain;
  charset="koi8-r"
Content-Transfer-Encoding: 8bit            

Read the attached advisory.

-- 
WBR, Zeux.
Origin: I say evolve, let the chips fall where they may.
--- Zeux<zeux@inbox.ru> from sp00fed packet
Mail: zeux@inbox.ru zeux@secforum.net zeux@undergrounda.net

--------------Boundary-00=_QVOHZ77APHFQVSCVIE7Y
Content-Type: text/plain;
  charset="koi8-r";
  name="advisory2.en"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="advisory2.en"
--------------Boundary-00=_QVOHZ77APHFQVSCVIE7Y--

 
 



Copyright 2021, SecurityGlobal.net LLC