
Advisory: (Updated) Specially crafted JPEG images enable the execution of arbitrary code.

Summary

A specially crafted JPEG image can enable the execution of arbitrary code.

Severity: Critical

Affected versions: Versions prior to 9.0 of Opera for Microsoft Windows and Mac OS X.

Not affected: Opera for Linux, FreeBSD and Solaris.

Problem description

A specially crafted JPEG image header can trick Opera into allocating the wrong amount of memory for the image. This can make Opera crash, or worse, execute code that has been placed into memory in advance.
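The advisory does not say which header field is miscalculated. As an added illustration (not Opera's code), the sketch below shows the defensive pattern for this class of bug: derive the allocation size from the JPEG frame header only after checking that the segment is complete, that the declared component count matches the segment length, and that the product is computed without wrapping. The function name, the `MAX_PIXELS` limit and the sample bytes are assumptions made for this example, and the parser handles only 8-bit SOF0/SOF2 frames.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PIXELS (64u * 1024u * 1024u)  /* assumed policy limit for this example */

/* Constructed samples: SOI + SOF0 for a 16x8, 3-component image; the second
 * copy claims 4 components without changing the segment length. */
static const uint8_t sample_ok[] = { 0xFF,0xD8, 0xFF,0xC0, 0x00,0x11, 0x08,
    0x00,0x08, 0x00,0x10, 0x03, 1,0x11,0, 2,0x11,1, 3,0x11,1 };
static const uint8_t sample_bad[] = { 0xFF,0xD8, 0xFF,0xC0, 0x00,0x11, 0x08,
    0x00,0x08, 0x00,0x10, 0x04, 1,0x11,0, 2,0x11,1, 3,0x11,1 };

/* Returns the decoded buffer size in bytes (width * height * components),
 * or 0 if the header is truncated, inconsistent, or over the policy limit. */
size_t jpeg_alloc_size(const uint8_t *buf, size_t len)
{
    size_t i = 2;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return 0;  /* no SOI */
    while (i + 4 <= len) {
        if (buf[i] != 0xFF) return 0;        /* expected a marker here */
        uint8_t marker = buf[i + 1];
        size_t seglen = ((size_t)buf[i + 2] << 8) | buf[i + 3];
        if (seglen < 2 || seglen > len - i - 2) return 0;  /* runs past input */
        if (marker == 0xC0 || marker == 0xC2) {            /* SOF0 / SOF2 */
            if (seglen < 8) return 0;        /* too short for the fixed fields */
            const uint8_t *p = buf + i + 4;  /* precision, height, width, count */
            uint32_t h = ((uint32_t)p[1] << 8) | p[2];
            uint32_t w = ((uint32_t)p[3] << 8) | p[4];
            uint32_t nc = p[5];
            if (p[0] != 8 || w == 0 || h == 0) return 0;
            if (nc != 1 && nc != 3 && nc != 4) return 0;
            if (seglen != 8 + 3 * (size_t)nc) return 0;  /* count vs. length */
            uint64_t pixels = (uint64_t)w * h;           /* 64-bit: cannot wrap */
            if (pixels > MAX_PIXELS) return 0;
            return (size_t)(pixels * nc);    /* <= 256 MiB, fits a 32-bit size_t */
        }
        i += 2 + seglen;                     /* skip to the next segment */
    }
    return 0;                                /* no SOF segment found */
}

int main(void)
{
    printf("ok=%zu bad=%zu\n", jpeg_alloc_size(sample_ok, sizeof sample_ok),
           jpeg_alloc_size(sample_bad, sizeof sample_bad));
    return 0;
}
```

A decoder that sizes its buffer this way must also bound every later write by the same validated value, not by fields re-read from the file.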

Exploitability

The image alone cannot inject arbitrary code, and will only cause Opera to crash or malfunction. However, used in combination with other methods, it is possible to execute arbitrary code. In most cases the attempt will fail, and Opera will just crash.

Workarounds

Disabling JavaScript makes it much harder to exploit this flaw. Changing the display settings to 256 colors in Microsoft Windows will defeat the exploit completely.

Opera's response

Opera has released Opera 9.0, which does not have this flaw.

Credits

Thanks to Chris Ries, VigilantMinds Inc., for reporting this issue.
