Bug in the armor: Opera has vulnerable code

I don't think he meant that kind of bug.We don’t know how this affects the Wii, but… This ain’t the kind of exploit that makes the homebrewers smile. This is the one that pisses everybody off. iDefense Labs reports that there’s a bug in Opera’s implementation of JavaScript that can potentially allow someone “to execute arbitrary code on the affected host”. Last time this writer heard this phrase, he had to dump a ton of useless popup exes and malware code out of his PC HDD; hence, the piss everyone off comment. It ain’t a pretty sight, you know.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

Like we said: we don’t know how this affects the Wii. The iDefense Labs report doesn’t contain anything Wii-specific, so absent the guy in this room with the IT degree, we don’t know the dynamics of this exploit in the white box (With Wii Opera, you’d expect iDefense Labs to start gathering intel on vulnerabilities as they affect the Wii…). Anyway, the latest Opera for PC platforms corrects this bug. With the Opera on Wiis right now a running beta, it’s a good bet this flaw will be patched up in a final release as well.

I don't think he meant that kind of bug.We don’t know how this affects the Wii, but… This ain’t the kind of exploit that makes the homebrewers smile. This is the one that pisses everybody off. iDefense Labs reports that there’s a bug in Opera’s implementation of JavaScript that can potentially allow someone “to execute arbitrary code on the affected host”. Last time this writer heard this phrase, he had to dump a ton of useless popup exes and malware code out of his PC HDD; hence, the piss everyone off comment. It ain’t a pretty sight, you know.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

Like we said: we don’t know how this affects the Wii. The iDefense Labs report doesn’t contain anything Wii-specific, so absent the guy in this room with the IT degree, we don’t know the dynamics of this exploit in the white box (With Wii Opera, you’d expect iDefense Labs to start gathering intel on vulnerabilities as they affect the Wii…). Anyway, the latest Opera for PC platforms corrects this bug. With the Opera on Wiis right now a running beta, it’s a good bet this flaw will be patched up in a final release as well.

Add a Comment

Your email address will not be published. Required fields are marked *