Select local site

F-Secure Vulnerability Information :
Opera Browser Skin File Handling Vulnerabilities
[Summary] | [Detailed Description] | [Solution] | [CVE Reference]

Report ID:SA10277
Source:Secunia
Date of Discovery:22.11.2003
Criticality:Urgent
Affects:

Opera 7.x
Compromise From:From remote
Compromise Type:System access
Summary

Two vulnerabilities have been identified in the Opera browser, which potentially can be exploited by malicious people to compromise a user"s system.
Back to the Top

Detailed Description

Two vulnerabilities have been identified in the Opera browser, which potentially can be exploited by malicious people to compromise a user"s system.

1) A boundary error in the zip processing when handling skin files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on a user"s system, if the user is tricked into visiting a malicious website.

This issue affects both Linux and Windows systems.

2) An input validation error when handling skin files can be exploited to place a malicious file in an arbitrary directory on a user"s system. This can be done via a directory traversal attack where the URL encoded representation of backslashes is used ("%5C").

Example:
http://[malicious_server]/..%5c..%5c..%5c..%5cskin.zip

Successful exploitation requires that the user is tricked into visiting a malicious website. Only Windows platforms are affected by this issue.

Both vulnerabilities affect version 7.22 and prior.
Back to the Top

Solution

Update to version 7.23.
http://www.opera.com/download/
Back to the Top

CVE Reference
Back to the Top

F-Secure Corporation