Vulnwatch mailing list archives
[SA12981] Secunia Research: Opera Download Dialog Spoofing Vulnerability
From: Thomas Kristensen <tk () secunia com>
Date: Sat, 11 Dec 2004 00:12:45 +0100
======================================================================

                     Secunia Research 10/12/2004

          - Opera Download Dialog Spoofing Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
About Secunia........................................................7
Verification.........................................................8

======================================================================
1) Affected Software

Opera 7.54 for Windows

Prior versions may also be vulnerable.

======================================================================
2) Severity

Rating:  Moderately critical
Impact:  Spoofing
Where:   From remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Opera, which can be
exploited by malicious people to trick users into executing malicious
files.

The vulnerability is caused due to the filename and the "Content-Type"
header not being sufficiently validated before being displayed in the
file download dialog. This can be exploited to spoof file types in the
download dialog by passing specially crafted "Content-Disposition" and
"Content-Type" headers containing dots and ASCII character code 160.

Successful exploitation may result in users being tricked into
executing a malicious file via the download dialog.

The vulnerability has been confirmed on Opera 7.54 for Windows. Other
versions may also be affected.

======================================================================
4) Solution

Update to version 7.54u1.
http://www.opera.com/download/

======================================================================
5) Time Table

25/10/2004 - Vulnerability discovered.
01/11/2004 - Vendor notified.
01/11/2004 - Vendor confirms the vulnerability.
10/12/2004 - Public disclosure.

======================================================================
6) Credits

Discovered by Andreas Sandblad, Secunia Research.

======================================================================
7) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
8) Verification

Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2004-19/advisory/

======================================================================

--
Kind regards,

Thomas Kristensen
CTO

Secunia
Toldbodgade 37B
1253 Copenhagen K
Denmark

Tlf.: +45 7020 5144
Fax:  +45 7020 5145
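Added example, not part of the Secunia advisory or of Opera's code: a Python check that a download handler or filtering proxy could run over the two headers the advisory names, flagging blank characters such as code 160 and a file extension that changes once they are removed. The function names, the character-category set and the sample headers are assumptions constructed for illustration.

```python
import unicodedata
from email.message import Message
from email.utils import collapse_rfc2231_value

# Assumption: separator, format and control characters count as "blank".
BLANK_CATEGORIES = {"Zs", "Zl", "Zp", "Cf", "Cc"}

def is_blank(ch):
    """True for characters that display as blank or nothing, e.g. code 160 (NBSP)."""
    return ch != " " and unicodedata.category(ch) in BLANK_CATEGORIES

def extension(name):
    name = name.rstrip(". ")  # Windows drops trailing dots and spaces
    return name.rsplit(".", 1)[1].lower() if "." in name else ""

def inspect_download(content_disposition, content_type):
    """Return the filename, its effective extension and any spoofing findings."""
    msg = Message()
    msg["Content-Disposition"] = content_disposition
    # get_param keeps the value as sent; get_filename() would strip edge whitespace.
    name = collapse_rfc2231_value(
        msg.get_param("filename", "", header="content-disposition"))
    shown = name  # the part of the name a user reads before blank padding starts
    for i, ch in enumerate(name):
        if is_blank(ch):
            shown = name[:i]
            break
    real = "".join(ch for ch in name if not is_blank(ch))
    findings = []
    if shown != name:
        findings.append("filename contains blank/invisible characters")
    if any(is_blank(ch) for ch in content_type):
        findings.append("Content-Type contains blank/invisible characters")
    if name != name.rstrip(". "):
        findings.append("filename ends in dots or spaces")
    if extension(shown) and extension(shown) != extension(real):
        findings.append("apparent extension .%s differs from effective .%s"
                        % (extension(shown), extension(real)))
    return {"filename": name, "effective_extension": extension(real),
            "findings": findings}

if __name__ == "__main__":
    # Constructed sample headers, not the advisory's test case.
    sample = 'attachment; filename="report.pdf\u00a0\u00a0\u00a0.exe"'
    for finding in inspect_download(sample, "application/pdf")["findings"]:
        print(finding)
```

A plain ASCII space is deliberately not treated as blank here, so padding built from ordinary spaces needs its own rule.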