Bugtraq mailing list archives

Re: Opera 9 DoS PoC

From: "Eric Furman" <ericfurman () fastmail net>
Date: Sat, 24 Jun 2006 15:18:45 -0400

On Wed, 21 Jun 2006 14:21:08 -0300, "Bruno Lustosa"
<bruno.lists () gmail com> said:

On 21 Jun 2006 03:39:09 -0000, N9 () critical lt <N9 () critical lt> wrote:

Details:

Vulnerability can be exploited by using a large value in a href tag to create an out-of-bounds memory access.

Proof Of Concept DoS exploit:

http://www.critical.lt/research/opera_die_happy.html


Interesting enough, clicking on that link under Firefox 1.5.0.4 made
it hang for about 20 seconds, consuming 100% cpu time.
Probably not a vulnerability, although it could be "exploited" to annoy
users.


Under Netscape 8.1 the link did nothing using the Firefox rendering
engine. However, when using the Internet Explorer rendering engine
an error window comes up;
Microsoft Visual C++ Debug Library: Debug Assertion Failed!
It has three buttons; Abort, Retry and Ignore.
Hitting Abort or Retry crashes the browser while Ignore closes the
window and nothing further happens.
-- 
  Eric Furman
  ericfurman () fastmail net

Current thread:

Opera 9 DoS PoC N9 (Jun 21)
- Re: Opera 9 DoS PoC Bruno Lustosa (Jun 23)
  - Re: Opera 9 DoS PoC Bastian Ahrens (Jun 26)
  - Re: Opera 9 DoS PoC Eric Furman (Jun 26)
- <Possible follow-ups>
- Re: Opera 9 DoS PoC Darren Clarke (Jun 23)
  - Re: Opera 9 DoS PoC Laurent (Jun 26)