
CERT-In Advisory CIAD-2007-03
Opera JPEG Image and JavaScript Handling Remote Code Execution Vulnerabilities

Original issue date: January 09, 2007
Updated on: January 16, 2007

Severity Rating: high

System Affected

Opera versions prior to 9.10

Overview

Two vulnerabilities have been reported in Opera browser which could be exploited by remote attackers to take complete control of an affected system.

Description

1. Opera Web Browser JPG Image DHT Marker Heap Corruption Vulnerability (CVE-2007-0126)

The DHT (Define Huffman Table) marker defines a Huffman table that the decoder uses to decode the image data.

A heap overflow vulnerability has been reported in the Opera browser when it processes a JPEG image whose DHT marker has been specially crafted with an invalid number of index bytes. Remote attackers could exploit this to execute arbitrary commands by enticing a user to visit a malicious web page with a vulnerable browser.
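The following is an added example, not code from the CERT-In advisory or from Opera. It shows the sanity check a JPEG decoder should perform on a DHT segment before it builds its decoding tables: each table carries 16 count bytes (BITS in ITU-T T.81, B.2.4.2) followed by that many symbol bytes (HUFFVAL), and the counts may total at most 256. The sample JPEG byte strings are constructed for the example; whether this specific check is the one Opera 9.10 added is an assumption, the advisory only states that the marker carried an invalid number of index bytes.

```python
"""Defensive sanity check for JPEG DHT (Define Huffman Table) segments.

Added example (not part of the CERT-In advisory). Walks the marker
segments of a JPEG byte string and validates every DHT segment: the 16
count bytes may sum to at most 256 and the declared segment length must
agree with the counts. A segment that fails is rejected before any
decoding table is allocated or filled.
"""
import struct

SOI = 0xFFD8
DHT = 0xFFC4
SOS = 0xFFDA
EOI = 0xFFD9
MAX_HUFF_SYMBOLS = 256


def validate_dht_segment(payload: bytes) -> list:
    """Validate the body of one DHT segment (everything after the 2-byte length).

    Returns a list of problem strings; an empty list means the segment is sane.
    """
    problems = []
    pos = 0
    while pos < len(payload):
        if len(payload) - pos < 17:
            problems.append("truncated table header at offset %d" % pos)
            break
        tc_th = payload[pos]
        table_class = tc_th >> 4     # 0 = DC table, 1 = AC table
        table_id = tc_th & 0x0F      # 0..3 for baseline/extended sequential
        if table_class > 1 or table_id > 3:
            problems.append("invalid Tc/Th byte 0x%02x at offset %d" % (tc_th, pos))
        counts = payload[pos + 1:pos + 17]          # BITS: codes of length 1..16
        total = sum(counts)
        if total > MAX_HUFF_SYMBOLS:
            problems.append("BITS sum %d exceeds %d at offset %d" % (total, MAX_HUFF_SYMBOLS, pos))
            break
        pos += 17
        if len(payload) - pos < total:              # HUFFVAL must really be present
            problems.append("HUFFVAL truncated: need %d bytes, have %d" % (total, len(payload) - pos))
            break
        pos += total
    return problems


def scan_jpeg(data: bytes) -> dict:
    """Walk marker segments up to SOS/EOI; map segment index -> problems for each DHT."""
    if len(data) < 2 or struct.unpack(">H", data[:2])[0] != SOI:
        raise ValueError("not a JPEG: missing SOI")
    results = {}
    pos = 2
    index = 0
    while pos + 4 <= len(data):
        marker, length = struct.unpack(">HH", data[pos:pos + 4])
        if marker >> 8 != 0xFF:
            raise ValueError("marker expected at offset %d" % pos)
        if marker in (SOS, EOI):
            break
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("segment length %d at offset %d runs past the data" % (length, pos))
        payload = data[pos + 4:pos + 2 + length]
        if marker == DHT:
            results[index] = validate_dht_segment(payload)
        pos += 2 + length
        index += 1
    return results


def _dht(table_bytes: bytes) -> bytes:
    """Wrap raw table data in a DHT marker with a correct length field (constructed helper)."""
    return struct.pack(">HH", DHT, len(table_bytes) + 2) + table_bytes


# Constructed samples: a well-formed DC table with a single 2-bit code, and a
# table whose 16 count bytes sum to 16 * 255 = 4080, far beyond the 256 limit.
GOOD_TABLE = bytes([0x00]) + bytes([0, 1] + [0] * 14) + bytes([0x05])
BAD_TABLE = bytes([0x00]) + bytes([0xFF] * 16) + bytes([0x05])

GOOD_JPEG = struct.pack(">H", SOI) + _dht(GOOD_TABLE) + struct.pack(">H", EOI)
BAD_JPEG = struct.pack(">H", SOI) + _dht(BAD_TABLE) + struct.pack(">H", EOI)

if __name__ == "__main__":
    print("good:", scan_jpeg(GOOD_JPEG))   # {0: []}
    print("bad: ", scan_jpeg(BAD_JPEG))    # {0: ['BITS sum 4080 exceeds 256 at offset 0']}
```

The same check is what a file-scanning gateway or IDS content inspector would apply to images in transit: a DHT whose counts exceed 256, or whose declared length disagrees with its counts, is never a valid image and can be dropped before it reaches a browser's decoder.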

2. Opera Web Browser createSVGTransformFromMatrix Object Typecasting Vulnerability (CVE-2007-0127)

A vulnerability has been reported in the Opera browser due to an error when a malformed object is passed to the "createSVGTransformFromMatrix()" JavaScript function.

Remote attackers could exploit this to execute arbitrary commands by enticing a user to visit a malicious web page with a vulnerable browser.

Workaround

Disable JavaScript in the browser settings.

Solution

Upgrade to Opera version 9.10:
http://www.opera.com/download/

Vendor Information

Opera
http://www.opera.com/

References

FrSIRT
http://www.frsirt.com/english/advisories/2007/0060

Secunia
http://secunia.com/advisories/23613/

iDefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=457
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=458

SECWATCH
http://secwatch.org/advisories/1016651/

CVE Name
CVE-2007-0126
CVE-2007-0127

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003