Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Arbitrary File Download Vulnerability in Opera Web Browser
A newly discovered vulnerability in Opera for Windows can result in the arbitrary download of code to a path of an attacker’s choosing on the vulnerable system.
Ken Pfeil
November 23, 2003
2 Min Read
Reported November 20, 2003, by ::Operash::.
VERSIONS AFFECTED
Opera 7.22 for Windows and earlier
DESCRIPTION
A newly discovered vulnerability in Opera for Windows can result in the arbitrary download of code to a path of an attacker’s choosing on the vulnerable system. This vulnerability is a result of the browser’s auto-install function, which executes when Opera receives an arbitrary file that contains the MIME-type "application/x-opera-configuration-XXXXX" or "application/x-opera-skin" from a remote server. Because the automatically saved file's name isn’t sufficiently sanitized, an attacker can save the file in any directory that he or she can specify with a relative path when the filename contains the illegal character string “..%5C.”
DEMONSTRATION
The discoverer has posted sample code demonstrating this vulnerability at this web site.
VENDOR RESPONSE
Opera has released version 7.23, which isn’t vulnerable to this problem.
CREDIT
Discovered by:: Operash ::.
About the Author(s)
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
.jpg?width=700&auto=webp&quality=80&disable=upscale)