Quote: Originally Posted by sa1
Can you PM me a link where the php code works? (Only if its acceptable to you. I won't spread it.). I want to try for myself.
I don't know if they are playing the security-by-obscurity card. But haavard is only an employee and this is not the official Opera reply yet. At least they have a good track record at patching vulnerabilities quickly that do make it out into the open unlike IE. So hopefully if what you are saying is true, it should be fixed quickly.
Sure, I'll PM you with the URL to the PHP exploit as soon as I can. EDIT
: For some reason the forums say you've been set to not receive private messages. Sorry, I can't seem to send you the link because of this!
Notable, SANS just picked up this story as well. Their reporting says that there are actually two overflow vulnerabilities - one is a DoS crash, the other allows remote code execution. See this story
for more details.