CVE-2003-1387
Opera 6.05-6.06 - Remote Code Execution via Long URL Username
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-1387. PoCs published by nesumin.
AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in the Opera browser for Win32 systems, triggered by an excessively long username in a URI. The vulnerability can lead to remote code execution on client systems.
Description
Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, allows remote attackers to execute arbitrary code via a URL with a long username.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by nesumin · textdoswindows
https://www.exploit-db.com/exploits/22239
The provided text describes a buffer overflow vulnerability in the Opera browser for Win32 systems, triggered by an excessively long username in a URI. The vulnerability can lead to remote code execution on client systems.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target:
Opera browser for Win32
No auth needed
Prerequisites:
User interaction required to visit a malicious link
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Broken Link, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/311194
Broken Link, Exploit, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/315794
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/6811
Broken Link third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3253
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11281
Scores
EPSS
0.1467
EPSS Percentile
96.2%
Details
CWE
CWE-120
Status
published
Products (3)
opera/opera_browser
6.05
opera/opera_browser
6.06
opera/opera_browser
7.0 beta1 (3 CPE variants)
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026