Vulnerability Development mailing list archives
RE: Opera Browser goes Crash
From: Michael Erl <Michael.Erl () pentasys de>
Date: Wed, 24 Oct 2001 17:33:21 +0200
The same happens on my machine (Win2000 Server, Opera 5.12). Closes all windows and is terminated without any notification. When I relaunch Opera I'm asked how to start because the last session was terminated abnormally. Michael Erl
-----Original Message----- From: Holmes, Ben [mailto:Ben.Holmes () getronics com] Sent: Tuesday, October 23, 2001 10:53 AM To: Vuln-Dev (E-mail) Subject: Opera Browser goes Crash -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I usually use Opera browser (it truly is a fast browser), and it just closed when I went to a link... The link was "http://www.malware.com/hello.html" In Netscape, it is supposed to play a sound file... In I.E it just comes up and allows to view source. The source is basically a small JavaScript part (and that should work fine), but the other part is a large embedded sound file.. it is in this form: '<embed src="data:audio/wav;base64,[Base 64 data of a sound file]" autostart=true width=0 height=0 loop=true>' tag. It didn't seem to give an error message or anything.. if it was overflowing a buffer I'd usually expect that it would generate a windows error message when it gets random junk like this... But it just closes.. completely and gracefully... but it closes nevertheless.. I am thinking: A> It is a configuration problem on this PC... It decodes the Base 64 (or goes to) but some plug in or system it uses to play the file or decode it that is possibly specific to this PC dies. B> The length of the embed tag is too long and overflows an internal buffer and jumps right to a close (either graciously, or by super good error checking routines)... Or something else happens that makes windows not notice that a program is doing wierd_funky_things (tm) C> The "embed" tag is touchy and its implementation is bad, this doesn't seem the case though, because if I make the [Base 64 data of a sound file] part much smaller, it just does the same as IE does. If it is "B"... is it exploitable in the form: '<embed src="data:audio/wav;base64,[Nasty code][Padding][address of a jmp esp]" autostart=true width=0 height=0 loop=true>' or some other such thing, that would cause "Nasty Code" to be run in the Opera process. Does it happen on anyone else's computer that runs Opera... or is this little currently Opera specific DoS also "this computer" specific... - -- Benjamin Holmes E&OE. All spelling and grammatical errors are for your enjoyment and entertainment only and are copyright Benjamin Holmes. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> Comment: Pee Gee Peeeeee! iQA/AwUBO9Uv/HLvuelW5gClEQLO5wCg+K5tXdKdWAiaEBj71BiYnks964wAoJP5 VvPSGdUiC5c8kZ8/yhA5DZ06 =XF0I -----END PGP SIGNATURE-----
Current thread:
- Re: Opera Browser goes Crash, (continued)
- Re: Opera Browser goes Crash Martin Sunnerdahl (Oct 23)
- Re: Opera Browser goes Crash David Worth (Oct 23)
- RE: Opera Browser goes Crash Jason Waldhelm (Oct 23)
- Re: Opera Browser goes Crash Sephiroth (Oct 24)
- Re: Opera Browser goes Crash Chip Mefford (Oct 24)
- Re: Opera Browser goes Crash Timothy . Lyons (Oct 23)
- Re: Opera Browser goes Crash Eric Johnson (Oct 23)
- Re: Opera Browser goes Crash http-equiv () excite com (Oct 23)
- Re: Opera Browser goes Crash riezel . t . serdan (Oct 23)
- Re: Opera Browser goes Crash Aj Effin Reznor (Oct 24)
- RE: Opera Browser goes Crash Michael Erl (Oct 24)
- Re: Opera Browser goes Crash http-equiv () excite com (Oct 24)