Opera Browser Skin File Handling Vulnerabilities

Report ID: SA10277
Source: Secunia
Date of Discovery: 22.11.2003
Criticality: Urgent
Affects:
Opera 7.x

Compromise From: From remote
Compromise Type: System access

Summary

Two vulnerabilities have been identified in the Opera browser that can potentially be exploited by malicious people to compromise a user's system.

Detailed Description

1) A boundary error in the ZIP processing when handling skin files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on a user's system if the user is tricked into visiting a malicious website.

This issue affects both Linux and Windows systems.

2) An input validation error when handling skin files can be exploited to place a malicious file in an arbitrary directory on a user's system. This can be done via a directory traversal attack in which the URL-encoded representation of a backslash ("%5C") is used.

Example:
http://[malicious_server]/..%5c..%5c..%5c..%5cskin.zip

Successful exploitation requires that the user is tricked into visiting a malicious website. Only Windows platforms are affected by this issue.

Both vulnerabilities affect version 7.22 and prior.
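
The input validation issue in 2) comes down to deriving a local file name from a URL without treating the decoded backslash as a Windows path separator. The following is an added example, not code from Opera or from the advisory: `naive_target` is an assumed illustration of the flawed pattern, `safe_target` is one way to validate the name, and the install path and host name are constructed.

```python
import ntpath
from urllib.parse import urlsplit, unquote

# Constructed install path for illustration (assumption, not from the advisory).
SKIN_DIR = r"C:\Program Files\Opera7\Skin"

def naive_target(url, skin_dir=SKIN_DIR):
    """Assumed flawed pattern: take the text after the last '/', then decode."""
    name = unquote(urlsplit(url).path.rsplit("/", 1)[-1])
    return ntpath.normpath(ntpath.join(skin_dir, name))

def safe_target(url, skin_dir=SKIN_DIR):
    """Decode first, treat '\\' and '/' alike, keep only the final component."""
    decoded = unquote(urlsplit(url).path)
    name = decoded.replace("\\", "/").rsplit("/", 1)[-1]
    # Reject empty names, dot entries, drive/stream markers and NUL bytes.
    if name in ("", ".", "..") or ":" in name or "\x00" in name:
        raise ValueError(f"unsafe skin file name: {name!r}")
    target = ntpath.normpath(ntpath.join(skin_dir, name))
    # Defence in depth: the resolved file must sit directly in skin_dir.
    base = ntpath.normcase(ntpath.normpath(skin_dir))
    if ntpath.normcase(ntpath.dirname(target)) != base:
        raise ValueError(f"path escapes skin directory: {target!r}")
    return target

if __name__ == "__main__":
    # Constructed URL in the shape of the advisory's example.
    url = "http://server.example/..%5c..%5c..%5c..%5cskin.zip"
    print("naive:", naive_target(url))
    print("safe: ", safe_target(url))
```

The same decode-then-validate order applies to any downloader that saves a file under a name taken from the request URL.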

Solution

Update to version 7.23.
http://www.opera.com/download/