Wii Browser Exploit Found

Opium

Opera browser exploit crashes Wii







An Opera browser exploit has been found which crashes the Wii and supposedly would allow the execution of code. No code has yet been run but you can try out the exploit for yourself by pointing your Wii browser to this link.




After details about new Opera vulnerabilities were released, one was tested that crashed the Wii. Here's what the founder, lbradeen, says about the exploit:


QUOTE said:
I saw the new Opera vulnerabilities disclosed yesterday and decided to try them out on my Wii. It seems that the Wii is vulnerable to the createSVGTransformFromMatrix vulnerability as it crashes the system. The disclosure describes the vulnerability as being able to be used to execute code. Don't update your Wiis any time soon!!!


Although this is certainly interesting, we advise you not to get too excited; nothing has been done with this exploit so far.



lbradeen's Website
 

Opium

It is nice to see that some forms of exploits are being found :)

I tried out the exploit myself; what it seemed to do was freeze the Opera browser. It no longer responded, the mouse pointer disappeared, and no input from the Wiimote worked. I dunno, perhaps this crash can be exploited.
 

Opium

Have you seen how much space is available for new channels? Nobody is going to want a Wii with just the weather channel so they can run homebrew.

To the end user, running homebrew code through a browser crash isn't the ultimate goal here. If indeed this browser crash can allow people to run their own homebrew code, then they may be able to access Wii system files. Things like dumping the firmware and whatnot are not out of the realm of possibility. From that, other exploits can be found.

But this is just speculation of course, providing that the browser crash can actually let you run code.
 

DaRk_ViVi

It would be nice to allow new channels to be installed on the Wii, like a "Wii Backup Channel" and "GC Backup Channel" or a "*Insert Homebrew name here* Channel".

Who cares about "Weather Channel"? XD
 

accolon

According to heise Security, Opera Software "argues that it is not easy to exploit the heap overflow consistently". "Attackers can specially call the function createSVGTransformFromMatrix to have the browser execute code with the user's rights."

Because of Opera's architecture, using buffer or heap overflows was never very successful with this browser. Additionally, nobody knows what rights the Wii Opera has. Since it does not seem to have access to the flash memory and SD slot (you can't save/load data), it might be hard to use this exploit for anything, even if you could execute your own code.
 

Scorpei

Hmm, doesn't it have access to its own save file? I noticed there was a save file for the browser... If it does, and if it's big enough and (I like variables :P) it has the proper rights, it should be feasible?

*Additional question: Is the browser Wii-locked? Can one exchange the binaries between Wiis?
 

flai

Hmm, I'll give this a go just now.

EDIT - Does work, but expect to see a plethora of Wii viruses in the near future...
 
