CVE-2006-1834

Opera < 8.54 - Remote Code Execution via Stylesheet Attribute Length Check Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1834. PoCs published by SEC Consult.

AI-analyzed exploit summary This exploit leverages a buffer overflow vulnerability in Opera 8.52 by using an overly long font-family value in a CSS style tag to trigger a crash. The PoC demonstrates the vulnerability but does not include executable payloads.

Description

Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SEC Consult · textdoslinux

https://www.exploit-db.com/exploits/27641

View Code ZIP pw:eip

This exploit leverages a buffer overflow vulnerability in Opera 8.52 by using an overly long font-family value in a CSS style tag to trigger a crash. The PoC demonstrates the vulnerability but does not include executable payloads.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Opera 8.52

No auth needed

Prerequisites: Victim must visit a malicious webpage

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11

Core References

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/17513

Exploit vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1015912

Mailing List mailing-list x_refsource_fulldisc

http://marc.info/?l=full-disclosure&m=114493114031891&w=2

Vendor Advisory x_refsource_confirm

http://www.opera.com/docs/changelogs/windows/854/

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/25829

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/430876/100/0/threaded

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-200606-01.xml

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/1354

Exploit x_refsource_misc

http://www.sec-consult.com/259.html

Various Sources vendor-advisory x_refsource_suse

http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20117

Scores

EPSS 0.1207

EPSS Percentile 95.6%

Details

CWE

CWE-189

Status published

Products (27)

opera/opera_browser 1.00

opera/opera_browser 2.00

opera/opera_browser 2.10 (4 CPE variants)

opera/opera_browser 2.12

opera/opera_browser 3.00 (2 CPE variants)

opera/opera_browser 3.10

opera/opera_browser 3.21

opera/opera_browser 3.50

opera/opera_browser 3.51

opera/opera_browser 3.60

... and 17 more

Published Apr 19, 2006

Tracked Since Feb 18, 2026