Lucene search
HistoryAug 01, 2005 - 4:00 a.m.
CVE-2005-2405
opera
8.01
arial unicode ms
font
file download
dialog box
remote attackers
file extensions
arbitrary code
vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
High
0.017 Low
EPSS
Percentile
87.9%
Opera 8.01, when the “Arial Unicode MS” font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
Affected configurations
Node
operaopera_browserMatch8.01
| CPE | Name | Operator | Version |
|---|---|---|---|
| opera:opera_browser | opera opera browser | eq | 8.01 |
Related
openvas
openvas
FreeBSD Ports: linux-opera, opera-devel, opera
2008-09-04 00:00:00
FreeBSD Ports: linux-opera, opera-devel, opera
2008-09-04 00:00:00
cvelist
cvelist
CVE-2005-2405
2005-07-28 04:00:00
nvd
nvd
CVE-2005-2405
2005-08-01 04:00:00
nessus
nessus
Opera < 8.02 Multiple Vulnerabilities
2005-07-29 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.9 Medium
AI Score
Confidence
High
0.017 Low
EPSS
Percentile
87.9%
Related for CVE-2005-2405