Opera Vulnerability may allow homebrew

[Ashy]

PS2-Scene is reporting a vulnerability in the Opera Browser. They have posted code which uses SVG to crash the Wii's Web Browser. This could lead to arbitrary code execution. The hackers are busy at work trying to make something useful out of this, while Opera is probably scrambling to issue a patch to fix the problem.

Quote:

A flaw exists within Opera's Javascript SVG implementation. When processing a createSVGTransformFromMatrix request Opera does not properly validate the type of object passed to the function. Passing an incorrect object to this function can result in it using a pointer that is user controlled when it attempts to make the virtual function call.

Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected host. The attacker would first need to construct a website containing the malicious JavaScript and trick the vulnerable user into visiting the site. This would trigger the vulnerability and allow the code to execute with the privileges of the local user.

This exploit could possibly be used to run code on the Wii!

Get more information and sample code here

[Killarapp]

Nintendo could use it to break Wii's when people's warrenty's expire imagine the possibilities of making money...

[WiiBoy619]

^^^^^^^^^^^^^


lol that would be funny.

[nutter]

thats....interestingly disturbing

[Chill]

OP 07-01-2007, 04:05 PM
no need to bring up the dead

[nutter]

Quote:

Originally Posted by Chill

OP 07-01-2007, 04:05 PM
no need to bring up the dead

lol werent me...wiiboy did it , i just saw the thread in the "new posts" search...and replied... didnt think to look at OP time...