Opera < 7.23 File Download Encoded Traversal Arbitrary File Deletion
Medium Nessus Plugin ID 14246
SynopsisFiles could be overwritten on the remote host.
DescriptionThe version of Opera installed on the remote host contains a file corruption vulnerability. This issue is exposed when a user is presented with a file dialog, which will cause the creation of a temporary file. It is possible to specify a relative path to another file on the system using directory traversal sequences when the download dialog is displayed. If the client user has write permissions to the attacker-specified file, it will be corrupted.
This could be exploited to delete sensitive files on the systems.
SolutionInstall Opera 7.23 or newer.