Opera < 7.50 File Download Extension Spoofing

Low Nessus Plugin ID 14247


Arbitrary code might be run on the remote host.


The version of Opera installed on the remote host contains a flaw that may allow a malicious user to trick a user into running arbitrary code.

The issue is triggered when an malicious website provides a file for download, but crafts the filename in such a way that the file is executed, rather than saved.

It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.


Install Opera 7.50 or later.

Plugin Details

Severity: Low

ID: 14247

File Name: opera_file_download_extension_spoofing.nasl

Version: $Revision: 1.17 $

Type: local

Agent: windows

Family: Windows

Published: 2004/08/10

Modified: 2014/04/25

Dependencies: 21746

Risk Information

Risk Factor: Low


Base Score: 2.6

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:opera:opera_browser

Required KB Items: SMB/Opera/Version

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2004/02/11

Reference Information

CVE: CVE-2004-2083

BID: 9640

OSVDB: 3917