Info

Disclosure

Feb 11, 2004

Discovery

Feb 11, 2004

Dates

Exploit

Unknown

Solution

Unknown

Description

Opera contains a flaw that may allow a malicious user to trick a user into running arbitrary code. The issue is triggered when an malicious web site provides a file for download, but crafts the filename in such a way that the file is executed, rather than saved. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Save files to disk before opening.

Products

Opera Software ASA	Opera for Windows	7.02
		7.03
		7.10
		7.11
		7.23

References

Secunia Advisory ID: 10760
CVE ID: 2004-2083 (see also: NVD)
Bugtraq ID: 9640

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/3917

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Opera Software ASA

Opera for Windows

References

Credit