Info

Disclosure

Jul 25, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Opera contains a flaw that may allow a remote denial of service. The issue is triggered when a background property is set to an overly long URL, and will result in loss of availability for the application.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Upgrade
Exploit: Exploit Public

Solution

Upgrade to version 9.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Opera Software ASA

References

CVE ID: 2006-3945 (see also: NVD)
Metasploit ID: 27374
ISS X-Force ID: 27977
VUPEN Advisory: ADV-2006-2987
Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-26-opera-css-background.html
Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_026.html
Keyword: MoBB #26

Credit

H.D. Moore -

Direct URL: http://osvdb.org/27374