CVE-2003-1387
Description
A remote attacker can execute arbitrary code on Opera 6.05/6.06 via a crafted URL with an overly long username, causing a stack buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A stack buffer overflow exists in Opera 6.05 and 6.06 for Windows when the browser parses a URL with an excessively long username. The overflow occurs because the browser copies the username portion of the HTTP URL into a fixed-size stack buffer without proper bounds checking. According to [1], the versions tested as vulnerable include Opera 6.05 build 1140 and Opera 7 beta2 build 2577, and other versions are possibly affected.
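The bounds check whose absence is described above, written as an added example; it is not Opera's code, which does not appear on this page. The function name `url_username`, the return codes and the 64-byte `USER_MAX` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define USER_MAX 64  /* assumed buffer size, for illustration only */

enum { URL_OK = 0, URL_NO_USER = 1, URL_BAD = -1, URL_USER_TOO_LONG = -2 };

/* Copy the username from scheme://user[:password]@host/... into out.
 * The length is checked before any byte is written, so an overlong
 * username is rejected instead of running past the end of out. */
int url_username(const char *url, char *out, size_t out_size)
{
    if (url == NULL || out == NULL || out_size == 0)
        return URL_BAD;
    out[0] = '\0';

    const char *auth = strstr(url, "://");
    if (auth == NULL)
        return URL_BAD;
    auth += 3;

    /* The authority ends at the first '/', '?' or '#', or at end of string. */
    size_t auth_len = strcspn(auth, "/?#");

    /* Userinfo is everything before the last '@' inside the authority. */
    const char *at = NULL;
    for (size_t i = 0; i < auth_len; i++)
        if (auth[i] == '@')
            at = auth + i;
    if (at == NULL)
        return URL_NO_USER;

    /* The username stops at the first ':' (password separator), if any. */
    size_t user_len = (size_t)(at - auth);
    const char *colon = memchr(auth, ':', user_len);
    if (colon != NULL)
        user_len = (size_t)(colon - auth);

    if (user_len >= out_size)          /* need room for the terminator */
        return URL_USER_TOO_LONG;
    memcpy(out, auth, user_len);
    out[user_len] = '\0';
    return URL_OK;
}
```

A caller that receives `URL_USER_TOO_LONG` should refuse to load the URL rather than truncate the username and continue.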
Exploitation
An attacker can trigger the overflow remotely by enticing the victim to open a malicious URL containing a long username. The URL can be delivered via an anchor tag, image tag, frame, or script, thus requiring no authentication. The attack complexity is low, as no special network position is needed beyond standard web traffic. When the browser attempts to process the long username, it overwrites the saved return address on the stack, enabling control-flow hijacking [1].
Impact
Successful exploitation allows an attacker to execute arbitrary binary code in the context of the current user. This can lead to full system compromise, including data loss, system destruction, or virus infection. The CVSS base score of 7.5/10 reflects partial impacts to confidentiality, integrity, and availability [1].
Mitigation
Opera Software released a fix in a subsequent version; users should upgrade to a patched release of Opera (e.g., Opera 7.01 or later). According to [1], Opera 7.00 build 2637 was tested as not vulnerable, suggesting the fix was incorporated around that time. No workarounds are documented in the available references, and this CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the last update.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:opera:opera_browser:6.05:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:6.06:*:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.0:beta1_v2:*:*:*:*:*:*
- cpe:2.3:a:opera:opera_browser:7.0:beta2:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/6811 (nvd: Broken Link, Patch, Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/315794 (nvd: Broken Link, Exploit, Third Party Advisory, VDB Entry)
- www.securityfocus.com/archive/1/311194 (nvd: Broken Link, Third Party Advisory, VDB Entry)
- exchange.xforce.ibmcloud.com/vulnerabilities/11281 (nvd: Third Party Advisory, VDB Entry)
- securityreason.com/securityalert/3253 (nvd: Broken Link)