[CVE-2011-0682] Large form inputs can allow execution of arbitrary code


Titre: OPERA – Large form inputs can allow execution of arbitrary code


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0682


Author: Security researcher Jordi Chancel


UPDATE Link: http://www.opera.com/fr/security/advisory/982


Description:

When certain large form inputs appear on a web page, they can cause Opera to crash. In some cases, the crash can lead to memory corruption, which could be used to execute code. To inject code, additional techniques will have to be employed.


Opera’s response:

Opera Software has released Opera 11.01, where this issue has been fixed.


  • Vidéo de démonstration :


-Security Researcher Jordi Chancel

Comments are closed.