Opera < 7.50 File Download Extension Spoofing

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

Arbitrary code might be run on the remote host.

Description :

The version of Opera installed on the remote host contains a flaw that
may allow a malicious user to trick a user into running arbitrary
code.

The issue is triggered when an malicious website provides a file for
download, but crafts the filename in such a way that the file is
executed, rather than saved.

It is possible that the flaw may allow arbitrary code execution
resulting in a loss of confidentiality, integrity, and/or
availability.

Solution :

Install Opera 7.50 or later.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 2.6
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 14247 ()

Bugtraq ID: 9640

CVE ID: CVE-2004-2083

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now