Описание
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
Ссылки
- Broken LinkPatch
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkPatch
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Third Party AdvisoryVDB Entry
- Broken LinkPatch
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkPatch
- Broken LinkThird Party AdvisoryVDB Entry
- Broken Link
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:opera:opera_browser:8.01:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01336
Низкий
5 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
почти 4 года назад
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
EPSS
Процентиль: 80%
0.01336
Низкий
5 Medium
CVSS2
Дефекты
CWE-20