| VID |
28669 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Opera web browser which is older than version 8.50 is detected as installed on the host. Opera is a Web browser, developed by Opera Software, for multiple operating systems. Opera versions prior to 8.50 could be exploited by a remote attacker to bypass certain security restrictions or conduct spoofing and cross site scripting attacks:
1) Attached files are opened without any warnings directly from the user's cache directory. This can be exploited to execute arbitrary JavaScript in context of "file://".
2) Normally, filename extensions are determined by the "Content-Type" in Opera Mail. However, by appending an additional '.' to the end of an email attachment filename, an HTML file could be spoofed to be e.g. "image.jpg.". An attacker could use this vulnerability to obtain sensitive information by viewing local files on the system.
3) The browser is affected by an unspecified drag-and-drop vulnerability that facilitates unintentional file uploads.
A remote attacker could construct a hostile Web site that contains a malicious script exploiting these vulnerabilities, which would be executed in the victim's Web browser within the security context of the hosting site, once the malicious link is clicked.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.frsirt.com/english/advisories/2005/1789
http://www.opera.com/docs/changelogs/windows/850
http://www.opera.com/docs/changelogs/linux/850
http://secunia.com/secunia_research/2005-42/
http://secunia.com/advisories/16645/
* Platforms Affected:
Opera Software, Opera versions prior to 8.50
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of Opera (8.50 or later), available from the Opera Web site at http://www.opera.com/download/ |
| Related URL |
CVE-2005-3006,CVE-2005-3007,CVE-2005-3041 (CVE) |
| Related URL |
14880,14884 (SecurityFocus) |
| Related URL |
22335,22337 (ISS) |
|
