Opera Comes Clean On the Malformed Content-Length Header Security Issue

Last week we reported that a highly critical security vulnerability had been uncovered in Opera for Windows. Since then, there have been several conflicting statements from Opera and Secunia regarding the seriousness of the vulnerability.

On one hand, Secunia claimed that the vulnerability is serious enough to permit the execution of arbitrary code and can even be used to gain control of the user’s system. On the other hand, several Opera employees indicated that the vulnerability is non-exploitable.

A short while ago, both Opera Software and Secunia officially issued clarifications regarding this issue. It appears that the confusion arose because the initial proof-of-concept code shared with Opera was in fact non-exploitable and achieved little more than crashing Opera. Accordingly, Opera Software had issued public statements based on its initial investigations.

The next day, Secunia contacted Opera and presented a slightly modified scenario. On 64-bit systems, the modified code would still trigger a crash. However, on 32-bit systems it could cause memory corruption and (at least in theory) be exploited to execute arbitrary code. In other words, the original test case was not a security issue but the modified scenario presented by Secunia was.

Opera Software has already prepared a patch and is testing the updated build internally. The patched build should be publicly released soon.

Published by

Pallab De