“Highly critical” Opera vulnerability discovered
A highly critical buffer overflow vulnerability affecting the Opera browser has been discovered by Marcin Ressel of Secunia:
The vulnerability is caused due to an error when processing HTTP responses having a malformed “Content-Length” header. This can be exploited to cause a heap-based buffer overflow via an overly large 64-bit “Content-Length” value, having the higher 32-bit part negative.
The vulnerability allows the attacker to gain remote access to the system and execute arbitrary code. As far as it’s known, it affects version 10.50 for Windows, but other versions could also be affected.
There is currently no patch for the flaw – users are advised not to visit untrusted website or follow untrusted links, but there is also the option of using an alternative browser until the release of a patch.