Opera Zero Day Remote Code Execution Vulnerability

[shan]

Opera 9.61 security update was released last week and fixed a vulnerability in the browser's History Search feature which allowed for remote attackers to read the browser history of the users visiting a maliciously crafted web page. Even though Opera rated this vulnerability as “Extremely Severe”, it seems that they did not properly analyze the flawed resource, as security researchers have just announced a remote code execution vulnerability originating in the same code.

The new vulnerability was discovered when security researchers Roberto Suggi Liverani, Stefano Di Paola, and Aviv Raff took a closer look at the patched XSS history search vulnerability. Roberto Suggi Liverani, IT Security Consultant at Security Assessment, is also the researcher credited with discovering and reporting the original History Search flaw to Opera.

The remote code execution is more dangerous than the previous one as it allows for any potentially malicious code to be executed when a user visits a page set up by the attacker. Aviv Raff created a proof of concept exploit page that executes the calc.exe application on Windows machines when it is visited. Even though this example no longer works in 9.61, Raff claims that he has another PoC that does, but he will only release it after Opera fixes the issue. The researcher pointed out that the Linux and Mac OSX versions of Opera are also affected.

"They should have looked at the code of this local resource for more vulnerabilities. The fixed one is within the displayed links in the searched history. The unfixed one is within the Previous/Next links of the history search page itself," commented Aviv Raff for The Register.

Opera has been notified about the new flaw and is currently working on a fix which will be included in the 9.62 update. According to Thomas Ford, spokesman for Opera Software, there is no exact release date for Opera 9.62, but he estimates that it will come very soon.

The Register reports that Mr. Ford also commented on the latest security issues discovered. "We always appreciate people digging and looking for security vulnerabilities in our products. We want them to be as robust as they can be," he stated.

[bahirzaheri8]

Opera... holy !"£$$ thats my browser

[shan]

dont worry the issue has been fixed. no wonder opera relesed updates rapidly

[utkarsh30june]

Yes, Opera and Mozilla are fast in selivering updates.

[shan]

thats where ie falls back. they currently have a lot of truble with mcafee softwares which both people arnt bothered to fix quikly though they know it.

[brayden]

I still can't believe Mozilla already has released a beta for Firefox 3.1

[shan]

the privet browsing thing is still to come. hope its on beta2. i heard it was under heavy tesing 6 months ago

[brayden]

Yer my brother will love p0rn mode and sometimes I don't want people looking at my sites.

[utkarsh30june]

I am too waiting for Firefox 3.1 B2. I think Firefox 3.1 Final will be released near IE 8 Final release date