Registering Opera as a protocol handler can allow it to be used to execute arbitrary code – Opera Security Advisories

Severity

Extremely Severe

Problem Description

When an application attempts to access a URL that uses a protocol it does not understand, it may choose to pass the URL to a registered handler for that protocol. If that registered handler is Opera, Opera is started and is passed the URL to open.

Some external applications do not ensure that the URL they pass is validly formatted, and may pass it without correct URL encoding.

Carefully constructed URLs may cause Opera to treat these incorrectly encoded URLs as command line parameters, which could then be exploited to run code of the attacker’s choice.
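The following added example (not Opera's code and not part of the original advisory) shows the check a calling application can make before handing a URL to a registered handler: percent-encode it, then confirm it still reaches the handler as a single argument. The handler template `browser.exe "%1"`, the function names and the sample URL are assumptions made for illustration, and the splitter is a simplified model of Microsoft C runtime argument parsing.

```python
from urllib.parse import quote

# RFC 3986 reserved characters plus "%" (so existing escapes are kept).
URL_SAFE = "-._~:/?#[]@!$&'()*+,;=%"
TEMPLATE = 'browser.exe "%1"'  # hypothetical handler registration

def encode_for_handler(url):
    """Percent-encode spaces, quotes, backslashes and other non-URL bytes."""
    return quote(url, safe=URL_SAFE)

def split_windows_args(cmdline):
    """Simplified model of Microsoft C runtime argv parsing."""
    args, cur, in_quotes, started, i = [], [], False, False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == "\\":
            j = i
            while j < len(cmdline) and cmdline[j] == "\\":
                j += 1
            n = j - i
            if j < len(cmdline) and cmdline[j] == '"':
                cur.append("\\" * (n // 2))    # 2n backslashes + quote -> n
                if n % 2:
                    cur.append('"')            # odd count: literal quote
                else:
                    in_quotes = not in_quotes  # even count: quote delimits
                j += 1
            else:
                cur.append("\\" * n)           # no quote follows: literal
            i, started = j, True
            continue
        if ch == '"':
            in_quotes, started = not in_quotes, True
        elif ch in " \t" and not in_quotes:
            if started:
                args.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        args.append("".join(cur))
    return args

def argv_for(url, template=TEMPLATE):
    """argv the handler would receive when the caller substitutes url."""
    return split_windows_args(template.replace("%1", url))
RAW = 'example://host/a" extra-token'  # constructed sample input
```

Passed unencoded, `RAW` arrives as two arguments after the program name; after `encode_for_handler` it arrives as one.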

Affected versions

This vulnerability affects Opera for Microsoft Windows.

Opera’s Response

Opera Software has released Opera 9.51, in which this issue has been fixed.

Credits

Thanks to Billy Rios for reporting this issue to Opera Software.