SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Opera Vendors:   Opera Software
Opera Error in Processing Extended ASCII Codes Lets Remote Users Spoof File Extensions in the Download Dialog Box
SecurityTracker Alert ID:  1014592
SecurityTracker URL:  http://securitytracker.com/id/1014592
CVE Reference:   CVE-2005-2405   (Links to External Site)
Updated:  Jul 18 2008
Original Entry Date:  Jul 28 2005
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 8.02; Tested on 8.01
Description:   A vulnerability was reported in the Opera web browser. A remote user can spoof file extensions in the download dialog box.

The browser does not properly process extended ASCII codes when displaying the download dialog box. A remote user can create a specially crafted HTTP 'Content-Disposition' header that, when processed by the target user, will cause the file extension to be displayed improperly. This allows the remote user to spoof file extensions in the download dialog.

This specific exploit method requires that the "Arial Unicode MS" font (ARIALUNI.TTF) be installed on the target user's system.

Andreas Sandblad of Secunia Research discovered this vulnerability.

Impact:   A remote user can spoof file extensions in the download dialog box.
Solution:   The vendor has issued a fixed version (8.02), available at:

http://www.opera.com/download/

Vendor URL:  www.opera.com/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC