CVE-2009-1234

Opera Browser 9.52 and 9.64 - Denial of Service via Malformed XML Document

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1234. PoCs published by Ahmed Obied.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Opera 9.64 by serving a maliciously crafted XML file with an oversized string. The exploit sets up a simple HTTP server to deliver the payload when a victim visits the server.

Description

Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52 is also affected.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ahmed Obied · pythondosmultiple

https://www.exploit-db.com/exploits/8320

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Opera 9.64 by serving a maliciously crafted XML file with an oversized string. The exploit sets up a simple HTTP server to deliver the payload when a victim visits the server.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Opera 9.64

No auth needed

Prerequisites: Victim must visit the malicious HTTP server · Opera 9.64 must be used by the victim

MITRE ATT&CK