ID CVE-2005-0456
Summary Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:opera_software:opera_web_browser:5.0:*:linux:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:5.0:*:linux:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:5.0:*:mac:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:5.0:*:mac:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:5.0.2:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:5.0.2:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:5.1.0:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:5.1.0:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:5.1.1:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:5.1.1:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:5.12:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:5.12:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:linux:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.1:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:linux:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:linux:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.2:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:linux:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:linux:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.3:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.4:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.5:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.0.6:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:6.10:*:linux:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:6.10:*:linux:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.0:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.0.1:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.0.2:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.0.3:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2:*:win32:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.11b:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.11b:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.11j:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.11j:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.20:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.21:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.21:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.22:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.22:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.23:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.23:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.50:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.50:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.51:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.51:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.52:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.52:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.53:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.53:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:7.54:*:*:*:*:*:*:*
  • cpe:2.3:a:opera_software:opera_web_browser:9.10:*:*:*:*:*:*:*
    cpe:2.3:a:opera_software:opera_web_browser:9.10:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 11-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
cert-vn VU#882926
confirm http://www.opera.com/linux/changelogs/754u2/
gentoo GLSA-200502-17
secunia 13818
suse SUSE-SA:2005:031
xf opera-data-dialog-spoofing(18867)
Last major update 11-07-2017 - 01:32
Published 12-01-2005 - 05:00
Last modified 11-07-2017 - 01:32
Back to Top