iDefense Security Advisory 01.05.07 - Remote exploitation of a typecasting bug in Opera Software ASA's Opera Web browser could allow an attacker to execute arbitrary code on the affected host. A flaw exists within Opera's Javascript SVG implementation. When processing a createSVGTransformFromMatrix request Opera does not properly validate the type of object passed to the function. Passing an incorrect object to this function can result in it using a pointer that is user controlled when it attempts to make the virtual function call. iDefense has confirmed the existence of this vulnerability in Opera version 9.02 on both Windows and Linux. Previous versions may also be affected.
056332b96e15c13f08ae5f65ebe9a023720d8595be75f1bb87014b7c59716623