Re: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow



I don't mean to come off as a jerk here, but, most of the questions that have been asked were mentioned in the original message and in k`sOSe's code.

As I've said, Opera does not allow you to invoke the file:// handler from the Internet. I am not sure about Java applets, but JavaScript is the method used in the exploit code. We tried window.open() and window.location, but neither allows it to work. If you can get it to work, please let us know!

As far as people who said "it worked" when a new tab opens with an error -- no, it did not work. It "works" when the browser crashes, or ideally, calc.exe opens. I feel like Opera silently fixed this, but I don't have the time to figure it out right now.

Please, take the time to read the original message a little closer and review the PoC. I realize that it doesn't answer all questions, but it will answer a lot that have been asked here! :)

send9