Opera < 8.02 Multiple Vulnerabilities

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser which is affected by multiple
issues.

Description :

The remote host is using Opera, an alternative web browser.

The version of Opera installed on the remote host contains several
flaws. One involves imaging dragging and could result in cross-site
scripting attacks and user file retrieval. A second may let attackers
spoof the file extension in the file download dialog provided the
'Arial Unicode MS' font has been installed, which is the case with
various Microsoft Office products. And a third is a design error in
the processing of mouse clicks in new browser windows that may be
exploited to trick a user into downloading and executing arbitrary
programs on the affected host.

See also :

http://secunia.com/advisories/15756/
http://secunia.com/advisories/15870/
http://secunia.com/secunia_research/2005-19/advisory/

Solution :

Upgrade to Opera 8.02 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 19312 ()

Bugtraq ID: 14402
14410
15835

CVE ID: CVE-2005-2405
CVE-2005-2406
CVE-2005-2407

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now