Opera Error in Processing Extended ASCII Codes Lets Remote Users Spoof File Extensions in the Download Dialog Box
|
SecurityTracker Alert ID: 1014592
|
SecurityTracker URL: http://securitytracker.com/id/1014592
|
CVE Reference:
CVE-2005-2405
|
Updated: Jul 18 2008
|
Original Entry Date: Jul 28 2005
|
Impact:
Modification of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 8.02; Tested on 8.01
|
Description:
A vulnerability was reported in the Opera web browser. A remote user can spoof file extensions in the download dialog box.
The browser does not properly process extended ASCII codes when displaying the download dialog box. A remote user can create a specially crafted HTTP 'Content-Disposition' header that, when processed by the target user, will cause the file extension to be displayed improperly. This allows the remote user to spoof file extensions in the download dialog.
This specific exploit method requires that the "Arial Unicode MS" font (ARIALUNI.TTF) be installed on the target user's system.
Andreas Sandblad of Secunia Research discovered this vulnerability.
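A defender-side check for the header behaviour described above, as an added example (not code from the advisory, Secunia or Opera): it extracts the `filename` parameter from a raw `Content-Disposition` value, reports the extension that actually ends the name, and flags bytes outside printable ASCII. The function name, the rule of flagging every byte outside 0x20-0x7E and the sample headers are assumptions; the advisory does not name the specific codes involved.

```python
import re

# Matches filename=... (quoted or bare token); deliberately skips filename*=.
_FILENAME = re.compile(
    rb'(?:^|[;\s])filename\s*=\s*(?:"((?:\\.|[^"\\])*)"|([^;\s]*))', re.I)


def inspect_content_disposition(raw: bytes) -> dict:
    """Inspect a raw Content-Disposition value.

    Returns the filename (non-ASCII bytes shown as \\xNN escapes), the
    extension after the last dot, and the offsets of any bytes outside
    printable ASCII (0x20-0x7E). Assumption: any such byte is suspicious.
    """
    m = _FILENAME.search(raw)
    if not m:
        return {"filename": None, "extension": None,
                "suspicious": False, "offsets": []}
    name = m.group(1) if m.group(1) is not None else m.group(2)
    name = re.sub(rb'\\(.)', rb'\1', name)  # undo quoted-pair escapes
    offsets = [i for i, b in enumerate(name) if b < 0x20 or b > 0x7E]
    ext = name.rsplit(b'.', 1)[1].lower() if b'.' in name else b''
    return {
        "filename": name.decode("ascii", "backslashreplace"),
        "extension": ext.decode("ascii", "backslashreplace"),
        "suspicious": bool(offsets),
        "offsets": offsets,
    }


# Constructed sample headers; not the byte sequence from the original report.
SAMPLES = [
    b'attachment; filename="report.pdf"',
    b'attachment; filename="notes\x85.exe"',
    b'attachment; filename=setup.EXE',
]

if __name__ == "__main__":
    for header in SAMPLES:
        result = inspect_content_disposition(header)
        verdict = "FLAG" if result["suspicious"] else "ok"
        print(f'{verdict:4} ext={result["extension"]!r:8} '
              f'name={result["filename"]!r} offsets={result["offsets"]}')
```

Logging the escaped name and the extension taken from the raw bytes gives a record that does not depend on how any font or dialog renders the characters.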
|
Impact:
A remote user can spoof file extensions in the download dialog box.
|
Solution:
The vendor has issued a fixed version (8.02), available at:
http://www.opera.com/download/
|
Vendor URL: www.opera.com/
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (OS X), Windows (Any)
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 28 Jul 2005 13:32:16 -0400
Subject: http://secunia.com/advisories/15756/
|
Andreas Sandblad of Secunia Research has discovered a download dialog spoofing
vulnerability in Opera.