Computer Security
[EN] securityvulns.ru no-pyccku


Opera browser multiple security vulnerabilities
updated since 06.01.2007
Published:09.01.2007
Source:
SecurityVulns ID:7006
Type:remote
Threat Level:
7/10
Description:Memory corruption on JPEG parsing, function call via user-controlled pointer.
Affected:OPERA : Opera 9.02
CVE:CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.)
 CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.)
Original documentdocumentposidron, Opera JPEG processing - Heap corruption vulnerabilities (09.01.2007)
 documentIDEFENSE, iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability (06.01.2007)
 documentIDEFENSE, iDefense Security Advisory 01.05.07: Opera Software Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability (06.01.2007)
Files:Exploits Opera ntdll.RtlAllocateHeap() DHT vulnerability
 Exploits Opera ntdll.RtlAllocateHeap() SOS vulnerability

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod