Opera is vulnerable when parsing the JPEG file format. Four vulnerabilities were discovered, each in a different segment of the file format. In this advisory, posidron describes the two important ones.
1 – ntdll.RtlAllocateHeap() DHT vulnerability
2 – ntdll.RtlAllocateHeap() SOS vulnerability
Opera Mini for mobile phones could also be vulnerable. The second bug looks very interesting in this regard.
* Opera version 9.01 Build 8552
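For triage of suspect files, the following added example (not posidron's code and not part of the advisory) walks a JPEG's marker segments and checks that DHT and SOS headers are internally consistent with the segment layout in the JPEG specification. It does not reconstruct the root cause of the Opera bugs, which this page does not describe; the function names and sample bytes are constructed for illustration.

```python
import struct

NO_LENGTH = {0x01, 0xD8, 0xD9, *range(0xD0, 0xD8)}  # TEM, SOI, EOI, RSTn: no length field

def check_dht(body):
    # DHT payload: repeated tables of 1 class/id byte, 16 code counts, sum(counts) symbols
    pos = 0
    while pos < len(body):
        counts = body[pos + 1:pos + 17]
        if len(counts) < 16 or (body[pos] >> 4) > 1 or (body[pos] & 0x0F) > 3:
            return ["DHT: truncated or invalid table header"]
        if sum(counts) > 256 or pos + 17 + sum(counts) > len(body):
            return ["DHT: declared symbols overrun table or segment"]
        pos += 17 + sum(counts)
    return []

def check_sos(body):
    # SOS header: Ns (1..4), Ns two-byte component selectors, then 3 fixed bytes
    if not body or not 1 <= body[0] <= 4:
        return ["SOS: component count out of range"]
    ok = len(body) == 1 + 2 * body[0] + 3
    return [] if ok else ["SOS: length does not match component count"]

def audit_jpeg(data):
    """Walk marker segments up to SOS; return a list of structural problems."""
    if data[:2] != b"\xff\xd8":
        return ["missing SOI"]
    problems, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return problems + ["no marker at offset %d" % pos]
        marker = data[pos + 1]
        if marker == 0xFF or marker in NO_LENGTH:
            pos += 1 if marker == 0xFF else 2  # 0xFF 0xFF is a fill byte
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            return problems + ["segment 0x%02X: bad length %d" % (marker, length)]
        body = data[pos + 4:pos + 2 + length]
        if marker == 0xC4:
            problems += check_dht(body)
        elif marker == 0xDA:
            return problems + check_sos(body)  # entropy-coded data follows
        pos += 2 + length
    return problems

# Constructed samples: SOI + one DHT table; BAD declares 200 symbols but holds one
GOOD = b"\xff\xd8\xff\xc4\x00\x14" + bytes([0x00, 1] + [0] * 15 + [0x05])
BAD = b"\xff\xd8\xff\xc4\x00\x14" + bytes([0x00, 200] + [0] * 15 + [0x05])
```

A non-empty result from `audit_jpeg` means the file's headers disagree with their own declared sizes, which is a reason to quarantine it before handing it to a decoder.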
The following code produces the sample image on which all further operations are made. It’s a valid image which was generated with Adobe Photoshop.
The information has been provided by posidron.
The original article can be found at: http://www.milw0rm.com/exploits/3101