October 22nd, 2008
On Opera patch day, a new zero-day flaw
On the same day Opera shipped a browser update with patches for three separate security vulnerabilities, hackers are openly discussion a new zero-day flaw that exposes Windows users to remote code execution attacks.
With Opera 9.61, the Norwegian browser maker corrects an issue where History Search could be used to reveal browser history (rated extremely severe); a Fast Forward bug that allows cross-site scripting (highly severe); and an information disclosure flaw in news feeds (also highly severe).
But even as Opera users were scrambling to apply the latest patches, a public discussion on the Full Disclosure mailing list exposed a zero-day vulnerability that could lead to cross-site scripting and even remote code execution attacks.
The discussion began with this Roberto Suggi advisory on the History Search bug fixed in Opera 9.61 but quickly expanded to raise the possibility of code execution attacks.
Within hours, researcher Aviv Raff discovered a way to execute code from remote and released a harmless proof-of-concept exploit that launches the Windows calculator.
I can confirm that a separate exploit exists that launches harmful code remotely against fully patched versions of the Opera browser.
Until Opera can fix this new issue, users are strongly urged to consider a different browser or avoid clicking on links on untrusted Web pages.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
