Opera for Windows URL Handling Code Execution Vulnerability

Secunia ID	SA30937
CVE-ID	CVE-2008-3079
Release Date	03 Jul 2008
Last Change	20 Aug 2008
Criticality	Highly Critical
Solution Status	Vendor Patch
Software	Opera 5.x Opera 6.x Opera 7.x Opera 8.x Opera 9.x
Where	From remote
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of command line parameters received when the application is registered as a protocol handler. This can be exploited to execute arbitrary code by tricking the user into clicking a specially crafted, incorrectly encoded URL. The vulnerability is reported in versions prior to 9.51.
Solution	Update to version 9.51. http://www.opera.com/download/
Reported by	The vendor credits Billy Rios.
Original Advisory	Opera: http://www.opera.com/docs/changelogs/windows/951/ http://www.opera.com/support/search/view/891/