Opera Input Validation Error in Processing MIME Content-Type/Content-Disposition Headers Lets Remote Users Spoof the File Download Dialog
Category: Vulnerability Posted: 2004-12-14 by ReCall
Details
Description: A vulnerability was reported in Opera. A remote user may be able to spoof the download dialog box to cause the target user to execute a malicious file.
Secunia Research reported that the browser does not properly validate the filename and the MIME Content-Type header. A remote user can create a specially crafted Content-Disposition and Content-Type header containing '.' characters and ASCII character code 160 to spoof the dialog box.
Version 7.54 for Windows is affected. Other versions and platforms may also be affected.
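A header sanity check that a filtering proxy or a test suite could run on download responses, as an added example (not code from Secunia or Opera). The function name, the sample headers, and the dot heuristic are assumptions, since the advisory does not give the exact header layout.

```python
import re

NBSP = "\u00a0"  # character code 160, the character named in the advisory
# RFC 7230 token characters; a well-formed media type is token "/" token.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
MEDIA_TYPE_RE = re.compile(rf"{TOKEN}/{TOKEN}")
FILENAME_RE = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;]*))', re.I)


def audit_download_headers(content_type, content_disposition):
    """Return a list of findings for one response's download headers.

    Both arguments are header values decoded as Latin-1, so that the
    byte 0xA0 shows up as U+00A0.
    """
    findings = []
    # Strip only space/tab: str.strip() with no argument would also
    # remove U+00A0 and hide the very character we are looking for.
    media_type = content_type.split(";", 1)[0].strip(" \t")
    if NBSP in content_type:
        findings.append("content-type: character code 160 present")
    if not MEDIA_TYPE_RE.fullmatch(media_type):
        findings.append("content-type: media type is not token/token")

    match = FILENAME_RE.search(content_disposition)
    if match:
        quoted, bare = match.group(1), match.group(2)
        filename = quoted if quoted is not None else bare.strip(" \t")
        if NBSP in filename:
            findings.append("filename: character code 160 present")
        # Heuristic (assumption): dots are normal in file names, so only
        # runs of dots or a trailing dot are reported.
        if ".." in filename or filename.endswith("."):
            findings.append("filename: repeated or trailing '.'")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from the advisory.
    samples = [
        ("application/zip", 'attachment; filename="report.zip"'),
        ("text/plain\u00a0", 'attachment; filename="notes\u00a0.txt"'),
        ("text/plain", 'attachment; filename="notes..txt."'),
    ]
    for ctype, cdisp in samples:
        print(repr(ctype), repr(cdisp), audit_download_headers(ctype, cdisp))
```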
Impact: A remote user can create HTML that, when loaded by the target user, will spoof the download dialog box. As a result, the target user may be tricked into downloading and executing a malicious file.
Solution: The vendor has issued a security update (7.54u1), available at: