COMMAND
	Opera Buffer Overflow
SYSTEMS AFFECTED
	Tested version : Opera 7.02 Build 2668
PROBLEM
	David F. Madrid [conde0(at)telefonica(dot)net] found following:
	Opera web browser has an unchecked buffer  in  his  code  that  allow  a
	malicious website to crash it and in  certain  circumstances  ,  execute
	code with user priviliges .
	To reproduce the bug open this link
	
	http://usuarios.lycos.es/idoru/aaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
	AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zip
	
	Opera crashes with an access violation  .  Instruction  pointer  EIP  is
	overwritten by the file name converted to  unicode  .  That  makes  only
	possible to reference certain addresses in memory to execute . To  place
	your code to execute in a valid address you have  to  assign  it  to  an
	enviroment variable .That place your code in  an  address  that  can  be
	referenced by EIP ( ~00010040 )
SOLUTION
	unknown