0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Opera Web Browser 12.11 Crash PoC
Title : Opera Web Browser 12.11 WriteAV Vulnerability Version : 12.11 Build 1661 and 12.12 Date : 2012-12-03 Vendor : http://www.opera.com/ Impact : High Contact : coolkaveh [at] rocketmail.com Twitter : @coolkaveh tested : windows XP SP3 Author : coolkaveh ##################################################################################################################### Opera is a web browser and Internet suite developed by Opera Software with over 270 million users worldwide. The browser handles common Internet-related tasks such as displaying web sites, sending and receiving e-mail Messages, managing contacts, chatting on IRC, downloading files via BitTorrent, and reading web feeds. Opera is Offered free of charge for personal computers and mobile phones. ##################################################################################################################### Bug : ---- Heap corruption during the handling of the Gif files context-dependent Successful exploits can allow attackers to execute arbitrary code ---- ###################################################################################################################### (f00.704): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000b0b ebx=0000000b ecx=0000100b edx=042bc048 esi=0417ffff edi=00141048 eip=67237c8b esp=0012e3d8 ebp=0000001e iopl=0 nv up ei ng nz na po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010283 *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Opera\Opera.dll - Opera!OpSetLaunchMan+0xb69f5: 67237c8b 880e mov byte ptr [esi],cl ds:0023:0417ffff=?? 0:000>!exploitable -v eax=00000b0b ebx=0000000b ecx=0000100b edx=042bc048 esi=0417ffff edi=00141048 eip=67237c8b esp=0012e3d8 ebp=0000001e iopl=0 nv up ei ng nz na po cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010283 Opera!OpSetLaunchMan+0xb69f5: 67237c8b 880e mov byte ptr [esi],cl ds:0023:0417ffff=?? HostMachine\HostUser Executing Processor Architecture is x86 Debuggee is in User Mode Debuggee is a live user mode debugging session on the local machine Event Type: Exception *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll - Exception Faulting Address: 0x417ffff First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005) Exception Sub-Type: Write Access Violation Exception Hash (Major/Minor): 0x63712c74.0x0c14230f Stack Trace: Opera!OpSetLaunchMan+0xb69f5 Opera!OpSetLaunchMan+0xb66fc Opera!OpSetLaunchMan+0xb644a Opera!OpSetLaunchMan+0x38f4d Opera!OpSetLaunchMan+0x1b7b3 Opera!OpSetLaunchMan+0x20a498 Opera!OpSetLaunchMan+0x1fb4e3 Opera!OpSetLaunchMan+0x1fb5d5 Opera!OpSetLaunchMan+0x16d0c1 ntdll!RtlRemoveVectoredExceptionHandler+0x2a2 ntdll!RtlAllocateHeap+0x117 Opera!OpSetLaunchMan+0x1503b9 ntdll!RtlRemoveVectoredExceptionHandler+0x823 ntdll!RtlFreeHeap+0x130 WINMM!timeGetTime+0x2c Instruction Address: 0x0000000067237c8b Description: User Mode Write AV Short Description: WriteAV Exploitability Classification: EXPLOITABLE Recommended Bug Title: Exploitable - User Mode Write AV starting at Opera!OpSetLaunchMan+0x00000000000b69f5 (Hash=0x63712c74.0x0c14230f) User mode write access violations that are not near NULL are exploitable. ################################################################################ Proof of concept included. http://www5.zippyshare.com/v/97852312/file.html # 0day.today [2024-06-30] #