cbcvebase.
CVE-2010-1349
published 2010-04-12

CVE-2010-1349: Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap…

PriorityP259critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
19.79%
97.1th percentile
Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow.

Affected

2 ranges
VendorProductVersion rangeFixed in
operaopera_browser
operaopera_browser

Detection & IOCsextracted from sources · hover to see the quote

urlhttp://swswqosksqowkd
bytes
F3 A5 (REP MOVS DWORD PTR ES:[EDI],DWORD PTR DS:[ESI])
  • Exploit delivers a malicious HTTP response with a large Content-Length value to trigger a heap overflow in Opera 10.10–10.50; monitor for abnormally large Content-Length headers served to Opera clients.
  • The PoC exploit server listens on TCP port 81 by default and waits for an Opera browser connection before sending the malicious payload; alert on Opera User-Agent connections to non-standard HTTP ports such as 81.
  • The exploit uses a REP MOVS (F3 A5) instruction sequence at address 6781E0BA as part of the heap overflow primitive; this byte pattern in shellcode or heap spray context is indicative of exploitation.
  • ·The PoC defaults to TCP port 81 but accepts a command-line argument to override it, meaning the attacker-controlled server could operate on any port.
  • ·The exploit only sends the payload after receiving exactly 8 bytes from the connecting Opera client (MSG_WAITALL), so partial or malformed requests will not trigger payload delivery.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.