Opera Content-Disposition extension spoofing

opera-content-disposition-extension-spoofing (21784)

Risk Level:

Medium

Description:

Opera could allow a remote attacker to spoof file types in the file download dialog. A remote attacker can create a specially-crafted Content-Disposition HTTP header to spoof the file extension. The attacker could exploit this vulnerability to possibly cause the victim to open malicious file types.

Note: Successful exploitation requires that the "Arial Unicode MS" font (ARIALUNI.TTF) is installed on the system. This font is installed with various Microsoft Office distributions.
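As an added illustration of the defensive check a download gateway or proxy could apply to this class of bug (this is example code, not from the advisory or from Opera): parse the filename= parameter of a Content-Disposition header, flag characters outside printable ASCII (the extended-ASCII class named in CVE-2005-2405), and compare the extension a reader would perceive before the first such character with the extension the operating system would actually use. The sample headers are constructed; the real characters and font rendering involved in the original report are not reproduced here.

```python
import re
from typing import Optional

# Constructed sample headers (not from the advisory). The second one pads
# between a harmless-looking name and the real extension with non-ASCII
# bytes, the shape of filename a download dialog could render misleadingly.
SAMPLE_HEADERS = [
    'attachment; filename="report.pdf"',
    'attachment; filename="invoice.txt\xa0\xa0\xa0\xa0.exe"',
    'attachment; filename=notes.docx',
]

FILENAME_RE = re.compile(r'filename\s*=\s*("([^"]*)"|([^;]*))', re.IGNORECASE)


def extract_filename(header: str) -> Optional[str]:
    """Return the filename= value of a Content-Disposition header, or None."""
    m = FILENAME_RE.search(header)
    if not m:
        return None
    value = m.group(2) if m.group(2) is not None else m.group(3)
    return value.strip()


def analyze_content_disposition(header: str) -> dict:
    """Flag filenames whose displayed and real extensions may disagree."""
    name = extract_filename(header)
    if name is None:
        return {"filename": None, "suspicious": False, "reasons": []}
    reasons = []
    # Anything outside printable ASCII (0x20-0x7E) is treated as suspect.
    non_ascii = [c for c in name if not 0x20 <= ord(c) <= 0x7E]
    if non_ascii:
        reasons.append("non-printable-ASCII characters in filename")
    # Extension the OS will act on: text after the final dot.
    real_ext = name.rsplit(".", 1)[1].lower() if "." in name else ""
    # Extension a reader likely perceives: name truncated at the first odd character.
    visible = re.split(r"[^\x20-\x7e]", name, maxsplit=1)[0]
    visible_ext = visible.rsplit(".", 1)[1].lower() if "." in visible else ""
    if non_ascii and visible_ext != real_ext:
        reasons.append(f"displayed extension '{visible_ext}' differs from real '{real_ext}'")
    return {"filename": name, "real_ext": real_ext, "visible_ext": visible_ext,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(analyze_content_disposition(h))
```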


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Opera (8.02 or later), available from the Opera Download page. See References.

References:

  • Opera Download page: Download Opera Web Browser.
  • Opera Web site: Opera Web Browser.
  • BID-14402: Opera Web Browser Content-Disposition Header Download Dialog File Extension Spoofing Vulnerability
  • CVE-2005-2405: Opera 8.01, when the Arial Unicode MS font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
  • SA15870: Opera Download Dialog Spoofing and "setRequestHeader()" Vulnerabilities
  • SECTRACK ID: 1014592: Opera Error in Processing Extended ASCII Codes Lets Remote Users Spoof File Extensions in the Download Dialog Box
  • VUPEN/ADV-2005-1251: Opera Multiple Cross Site Scripting and Spoofing Vulnerabilities

Platforms Affected:

  • Opera Browser 8.01

Reported:

Jul 28, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
