Severity
Extremely Severe
Problem Description
When an application attempts to access a URL that uses a protocol it does not understand, it may choose to pass the URL to a registered handler for that protocol. If that registered handler is Opera, Opera will be started and passed the URL to open.
Some external applications do not ensure that the URL they are passing is in a valid URL format, and may pass it without correct URL encoding.
Carefully constructed URLs may cause Opera to treat these incorrectly encoded URLs as command line parameters, which could then be exploited to run code of the attacker’s choice.
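A caller-side check for the condition described above, as an added example that is not Opera's code or part of the original advisory: it flags URLs that are not correctly encoded before they are handed to a registered protocol handler. The function names, the `example:` placeholder scheme and the use of the RFC 3986 character sets as the allowed set are assumptions.

```python
import re
import string
from urllib.parse import quote

# Assumption: characters that may appear literally in a URI (RFC 3986
# reserved and unreserved sets), plus "%" to introduce an escape.
URL_CHARS = string.ascii_letters + string.digits + "-._~:/?#[]@!$&'()*+,;=%"
SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*:")
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def problems(url):
    """List the reasons a URL should not be passed to a handler as-is."""
    found = []
    if not SCHEME.match(url):
        # Without a scheme the string may be read as a switch or a path.
        found.append("no scheme")
    if any(c.isspace() for c in url):
        # Unencoded whitespace can split one argument into several.
        found.append("whitespace")
    if '"' in url:
        # A raw double quote can close the quoting around the argument.
        found.append("double quote")
    if any(c not in URL_CHARS and c != '"' and not c.isspace() for c in url):
        found.append("character outside the URL set")
    if BAD_ESCAPE.search(url):
        found.append("malformed percent escape")
    return found


def encode_for_handler(url):
    """Percent-encode stray characters, then refuse anything still unsafe."""
    fixed = quote(url, safe=URL_CHARS)
    left = problems(fixed)
    if left:
        raise ValueError("refusing to pass URL to handler: " + ", ".join(left))
    return fixed


if __name__ == "__main__":
    # Constructed samples; "example:" is a placeholder scheme.
    for sample in ['example://host/page', 'example://host/a" b', '-x']:
        print(repr(sample), problems(sample))
```

The encoded result should still be passed to the handler as a single argument (an argument list rather than a concatenated command string), so the check is a second layer and not the only one.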
Affected versions
This vulnerability affects Opera for Microsoft Windows.
Opera’s Response
Opera Software has released Opera 9.51, where this issue has been fixed.
Credits
Thanks to Billy Rios for reporting this issue to Opera Software.