SECURITY TO THE CORE

Opera 10.50 Buffer Overflow Vulnerability


A vulnerability has been identified in Opera, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing malformed HTTP “Content-Length:” headers, which could be exploited by remote attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a web page hosted on a malicious web server.

However, according to a company spokesman, an attacker cannot use the flaw to remotely execute malware.
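The bug class described above comes from trusting a length that the server supplies. The following is an added example, not Opera's code and not taken from the advisory (which gives no root-cause detail beyond "malformed" headers): a strict Content-Length parser that a client could run before sizing any buffer. The names `parse_content_length`, `cl_status` and the `MAX_BODY_BYTES` limit are assumptions made for this sketch.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed policy limit: largest body this client is willing to buffer. */
#define MAX_BODY_BYTES (64u * 1024u * 1024u)

enum cl_status { CL_OK = 0, CL_EMPTY, CL_NOT_DIGIT, CL_TOO_LARGE };

/*
 * Parse the value of a Content-Length header (the text after the colon).
 * HTTP defines the value as 1*DIGIT, so anything else is rejected instead
 * of being handed to atoi()/strtol(), which accept signs and wrap or
 * saturate on huge inputs.
 */
enum cl_status parse_content_length(const char *value, size_t *out)
{
    uint64_t n = 0;
    const char *p = value;

    while (*p == ' ' || *p == '\t') p++;          /* optional leading whitespace */
    if (*p == '\0') return CL_EMPTY;
    if (!isdigit((unsigned char)*p)) return CL_NOT_DIGIT;   /* "-1", "+5" */

    for (; isdigit((unsigned char)*p); p++) {
        n = n * 10 + (uint64_t)(*p - '0');
        /* Checked after every digit, so n never gets near wrapping. */
        if (n > MAX_BODY_BYTES) return CL_TOO_LARGE;
    }
    while (*p == ' ' || *p == '\t') p++;          /* optional trailing whitespace */
    if (*p != '\0') return CL_NOT_DIGIT;          /* "12abc", "0x10", "5, 6" */

    *out = (size_t)n;                             /* safe: n <= MAX_BODY_BYTES */
    return CL_OK;
}

int main(void)
{
    /* Constructed sample header values, not captured traffic. */
    const char *samples[] = { "1024", " 42 ", "-1", "4294967296", "12abc", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t len = 0;
        enum cl_status st = parse_content_length(samples[i], &len);
        printf("\"%s\" -> status %d, length %zu\n", samples[i], (int)st, len);
    }
    return 0;
}
```

Only a value that returns `CL_OK` should ever reach an allocation or copy routine; every other status should end the response handling.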

Solution

Do not browse untrusted websites or follow untrusted links.

Opera users should make sure that DEP (Data Execution Prevention) is turned on in their operating system. “In various tests it was found that DEP mitigates the problem and protects the system from this vulnerability.”

DEP isn’t always turned on by default. If you use Windows XP then please follow the instructions here to make sure you’re protected. Users of Windows Vista and Windows 7 can find details here and here. The changes will prevent Windows from executing code loaded into memory by a variety of third-party applications.

References

http://www.vupen.com/english/advisories/2010/0529
