Opera Comes Clean On the Malformed Content-Length Header Security Issue

Last week we reported that a highly critical security vulnerability had been uncovered in Opera for Windows. Since then, there have been several conflicting statements from Opera and Secunia regarding the seriousness of the vulnerability.

On one hand, Secunia claimed that the vulnerability is serious enough to permit the execution of arbitrary code and can even be used to gain control of the user’s system. On the other hand, several Opera employees indicated that the vulnerability is non-exploitable.

A short while ago, both Opera Software and Secunia officially issued clarifications regarding this issue. It appears that the confusion arose because the initial proof of concept code shared with Opera was in fact non-exploitable and achieved little more than crashing Opera. Accordingly, Opera Software had issued public statements based on their initial investigations.

The next day, Secunia contacted Opera and presented a slightly modified scenario. On 64-bit systems, the modified code would still trigger a crash. However, on 32-bit systems it could cause memory corruption and (at least in theory) be exploited to execute arbitrary code. In other words, the original test case was not a security issue, but the modified scenario presented by Secunia was.

Opera Software has already prepared a patch and is testing the updated build internally. The patched build should be publicly released soon.
