TITLE:
Opera Download Dialog Spoofing Vulnerability

SECUNIA ADVISORY ID:
SA12981

VERIFY ADVISORY:
http://secunia.com/advisories/12981/

CRITICAL:
Moderately critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
Opera 7.x
http://secunia.com/product/761/

DESCRIPTION:
Secunia Research has discovered a vulnerability in Opera, which can be
exploited by malicious people to trick users into executing malicious
files.

The vulnerability is caused by the filename and the "Content-Type"
header not being sufficiently validated before being displayed in the
file download dialog. This can be exploited to spoof file types in the
download dialog by passing specially crafted "Content-Disposition" and
"Content-Type" headers containing dots and ASCII character code 160
(the non-breaking space).

Successful exploitation may result in users being tricked into executing
a malicious file via the download dialog.

The vulnerability has been confirmed on Opera 7.54 for Windows. Other
versions may also be affected.

SOLUTION:
Update to version 7.54u1.
http://www.opera.com/download/

PROVIDED AND/OR DISCOVERED BY:
Andreas Sandblad, Secunia Research.

ORIGINAL ADVISORY:
http://secunia.com/secunia_research/2004-19/advisory/

OTHER REFERENCES:
Vendor advisory:
http://www.opera.com/support/search/supsearch.dml?index=782

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
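The defect the advisory describes is a download dialog that shows the filename and declared type as sent, so padding made of dots and character 160 can push the real extension out of view while the "Content-Type" header claims something harmless. The following added example (not code from Secunia or Opera) shows the checks a download handler should perform before presenting a name to the user: it parses the filename out of "Content-Disposition" with a small regex, normalises non-breaking spaces, runs of whitespace, trailing dots and path components, determines the extension the operating system would actually act on, and compares it with the declared "Content-Type". The extension-to-type table, the executable-extension list and the sample headers are constructed for this example.

```python
"""Defensive normalisation of download filenames (added example; assumptions
are marked in the comments, nothing here is Opera's own code)."""
import re

NBSP = "\u00a0"  # character code 160, the padding character named in the advisory

# Constructed lists for the example; a real client would use its platform's policy.
EXECUTABLE_EXTENSIONS = {"exe", "com", "bat", "cmd", "scr", "pif", "vbs", "js", "msi", "hta"}
TYPE_FOR_EXTENSION = {
    "txt": "text/plain",
    "html": "text/html",
    "pdf": "application/pdf",
    "exe": "application/octet-stream",
}

# Matches either a quoted filename or a bare token ending at the next ';'.
_FILENAME_RE = re.compile(r'filename\s*=\s*(?:"([^"]*)"|([^;]*))', re.IGNORECASE)


def parse_filename(content_disposition):
    """Return the filename parameter of a Content-Disposition value, or None."""
    m = _FILENAME_RE.search(content_disposition)
    if not m:
        return None
    value = m.group(1) if m.group(1) is not None else m.group(2)
    return value.strip()


def normalize_filename(name):
    """Canonicalise a filename before it is shown or saved:
    - drop any directory component (either separator),
    - map NBSP (char 160) and every other whitespace character to a plain space,
    - collapse runs of spaces so padding cannot hide the tail of the name,
    - strip leading/trailing spaces and dots (Windows discards trailing ones on save).
    """
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # str.isspace() already covers NBSP; the explicit test documents the intent.
    name = "".join(" " if (ch.isspace() or ch == NBSP) else ch for ch in name)
    name = re.sub(r" {2,}", " ", name)
    return name.strip(" .")


def effective_extension(name):
    """The extension the OS will act on: text after the last dot of the normalised name."""
    base = normalize_filename(name)
    if "." not in base:
        return ""
    return base.rsplit(".", 1)[1].lower()


def assess_download(headers):
    """Summarise what a dialog should display and whether the headers disagree.

    headers: dict of response header name -> value.
    """
    raw = parse_filename(headers.get("Content-Disposition", "")) or ""
    declared_type = headers.get("Content-Type", "").split(";")[0].strip().lower()
    shown = normalize_filename(raw)
    ext = effective_extension(raw)
    expected_type = TYPE_FOR_EXTENSION.get(ext)
    return {
        "display_name": shown,
        "extension": ext,
        "executable": ext in EXECUTABLE_EXTENSIONS,
        # Declared type contradicts what the extension implies (e.g. text/plain for .exe).
        "type_mismatch": expected_type is not None and declared_type != expected_type,
        # Padding, trailing dots or NBSP were present in the raw name and removed.
        "padded": raw != shown,
    }


# Constructed sample responses: the first pads the name with char 160 so an
# unnormalised dialog would show only "report.txt" while the saved file is an .exe.
SPOOFED = {
    "Content-Disposition": 'attachment; filename="report.txt' + NBSP * 60 + '.exe"',
    "Content-Type": "text/plain",
}
BENIGN = {
    "Content-Disposition": 'attachment; filename="report.txt"',
    "Content-Type": "text/plain",
}

if __name__ == "__main__":
    for label, hdrs in (("spoofed", SPOOFED), ("benign", BENIGN)):
        print(label, assess_download(hdrs))
```

For the constructed spoofed response the function reports the normalised name "report.txt .exe", an executable extension and a mismatch between the declared text/plain type and the extension, which is the information the user needed and the unpatched dialog withheld; the benign response raises none of these flags.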