Opera < 7.50 File Download Extension Spoofing

low Nessus Plugin ID 14247

Synopsis

Arbitrary code might be run on the remote host.

Description

The version of Opera installed on the remote host contains a flaw that may allow a malicious user to trick a user into running arbitrary code.

The issue is triggered when an malicious website provides a file for download, but crafts the filename in such a way that the file is executed, rather than saved.

It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

Solution

Install Opera 7.50 or later.

Plugin Details

Severity: Low

ID: 14247

File Name: opera_file_download_extension_spoofing.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 8/10/2004

Updated: 7/16/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.6

Temporal Score: 1.9

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Required KB Items: SMB/Opera/Version

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/11/2004

Reference Information

CVE: CVE-2004-2083

BID: 9640

Detections

Analytics