(LiveHacking.Com) – Security Researcher José A. Vázquez has released details of a vulnerability in the Opera web browser which is caused by bugs in its SVG processing code. What is more startling is that José actually reported this vulnerability and some others, via the SecuriTeam Secure Disclosure program over 10 months ago, but Opera have done nothing about it.
So now José has decided to go public and with the help of the guys over at metasploit.com he has also released a metasploit module.
Due to the nature of the vulnerability, visiting a specially crafted web page is enough to trigger the exploit and allow the attacker to run malicious code. However the exploit isn’t successful 100% of the time. According to his testing the succes rate differs on different version of Opera:
- Opera 12 pre-alpha -> RCE on 6/10 attempts
- Opera 11.51 -> RCE on 3/10 attempts
- Opera 11.50 -> RCE on 3/10 attempts
- Opera 11.11 -> RCE on 4/10 attempts
- Opera 11.10 -> RCE on 4/10 attempts
- Opera 11.01 -> RCE on 5/10 attempts
- Opera 11.00 -> RCE on 4/10 attempts