Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
References
Link | Resource |
---|---|
http://secunia.com/advisories/15870 | Broken Link Patch |
http://securitytracker.com/id?1014592 | Broken Link Third Party Advisory VDB Entry |
http://www.opera.com/linux/changelogs/802/ | Broken Link Patch |
http://www.securityfocus.com/bid/14402 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2005/1251 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/21784 | Third Party Advisory VDB Entry |
http://secunia.com/advisories/15870 | Broken Link Patch |
http://securitytracker.com/id?1014592 | Broken Link Third Party Advisory VDB Entry |
http://www.opera.com/linux/changelogs/802/ | Broken Link Patch |
http://www.securityfocus.com/bid/14402 | Broken Link Third Party Advisory VDB Entry |
http://www.vupen.com/english/advisories/2005/1251 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/21784 | Third Party Advisory VDB Entry |
Configurations
History
20 Nov 2024, 23:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/15870 - Broken Link, Patch | |
References | () http://securitytracker.com/id?1014592 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.opera.com/linux/changelogs/802/ - Broken Link, Patch | |
References | () http://www.securityfocus.com/bid/14402 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.vupen.com/english/advisories/2005/1251 - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/21784 - Third Party Advisory, VDB Entry |
Information
Published : 2005-08-01 04:00
Updated : 2024-11-20 23:59
NVD link : CVE-2005-2405
Mitre link : CVE-2005-2405
CVE.ORG link : CVE-2005-2405
JSON object : View
Products Affected
opera
- opera_browser
CWE
CWE-20
Improper Input Validation