---------------------------------------------------------------------- Proof-of-Concept (PoC) and Extended Analysis available for customers. Get a free trial, contact sales@secunia.com ---------------------------------------------------------------------- TITLE: Opera Content Writing Uninitialised Memory Vulnerability SECUNIA ADVISORY ID: SA39590 VERIFY ADVISORY: http://secunia.com/advisories/39590/ DESCRIPTION: A vulnerability has been discovered in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when e.g. continuously writing content to a page using document.write() and results in a function call using uninitialised memory when a user visits a specially crafted web page. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 10.52 for Windows. Other versions may also be affected. SOLUTION: Do not browse untrusted web sites of follow links from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Reported as a crash by Mathias Karlsson. Additional information provided by Secunia Research. ORIGINAL ADVISORY: Mathias Karlsson: http://h.ackack.net/?p=258 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------