Registering Opera as a protocol handler can allow it to be used to execute arbitrary code

Type opera
Reporter Opera
Modified 2008-12-16T00:00:00


When an application attempts to access a URL that uses a protocol that it does not understand, it may choose to pass the URL to a registered handler for that protocol. If that registered handler is Opera, it will be started, passing the URL to open. Some external applications do not ensure that the URL they are passing is in a valid format for a URL, and may pass it without correct URL encoding. Carefully constructed URLs may cause Opera to treat these incorrectly encoded URLs as command line parameters, which could then be exploited to run code of the attacker's choice.