Описание
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2005-2405
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21784
- http://secunia.com/advisories/15870
- http://securitytracker.com/id?1014592
- http://www.opera.com/linux/changelogs/802
- http://www.securityfocus.com/bid/14402
- http://www.vupen.com/english/advisories/2005/1251
Связанные уязвимости
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.