iDefense Security Advisory 07.19.07 - Remote exploitation of a dangling pointer vulnerability in Opera Software ASA's Opera web browser could allow an attacker to execute arbitrary code with the privileges of the logged in user. Opera 9.2 supports BitTorrent downloads. When parsing a specially crafted BitTorrent header, Opera uses memory that has already been freed. This can result in an invalid object pointer being dereferenced, and may allow for the execution of arbitrary code. The vulnerability is triggered when the user right clicks on the transfer and removes it. iDefense has confirmed the existence of this vulnerability in Opera version 9.21 on Windows. Previous versions may also be affected.
8b4808d2e862d865b862e4427d7013cade42d8ca0b810036a7a5b5856b262147
iDefense Security Advisory 05.23.07 - Remote exploitation of a stack-based buffer overflow in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. Opera 9.2 supports BitTorrent downloads. If a server sends the browser a specially crafted BitTorrent header, it can lead to a buffer overflow. The buffer overflow is triggered when the user right clicks on the item in the download pane. iDefense has confirmed the existence of this vulnerability in the Opera version 9.2 for Windows. Previous versions may also be affected.
27c3e133fe921c6258e20a9c2bd7db28f04bad4933ae646b769e8a46bc06e3e4
iDefense Security Advisory 04.30.07 - Remote exploitation of multiple vulnerabilities in the Internet Relay Chat (IRC) module of Cerulean Studios' Trillian could allow for the interception of private conversations or execution of code as the currently logged on user. When handling long CTCP PING messages containing UTF-8 characters, it is possible to cause the Trillian IRC client to return a malformed response to the server. This malformed response is truncated and is missing the terminating newline character. This could allow the next line sent to the server to be improperly sent to an attacker. When a user highlights a URL in an IRC message window Trillian copies the data to an internal buffer. If the URL contains a long string of UTF-8 characters, it is possible to overflow a heap based buffer corrupting memory in a way that could allow for code execution. A heap overflow can be triggered remotely when the Trillian IRC module receives a message that contains a font face HTML tag with the face attribute set to a long UTF-8 string. iDefense has confirmed the existence of this vulnerability in Cerulean Studios Trillian 3.1.
52ff569f01cf668cdc9ed199dd0dfde4c56ca3d899c956a30770ee3961bca59c
iDefense Security Advisory 03.23.07 - Remote exploitation of a password bypass vulnerability in DataRescue Inc.'s IDA Pro Remote Debugger Server allows attackers to execute arbitrary code under the context of the user who is running the remote debugger server. iDefense has confirmed the existence of this vulnerability in the remote debugger server for Windows and Linux from IDA Pro versions 5.0 and 5.1. It is suspected that the MacOS X version and earlier versions are also affected.
42f604e14359b9b4a03f0fa1da10b72bf3727d2df3a4fba8fc808d996e1f5c64