Opera Web Browser CLSID File Extension Misrepresentation Vulnerability
BID:9640
Info
| Bugtraq ID: | 9640 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 11 2004 12:00AM |
| Updated: | Feb 11 2004 12:00AM |
| Credit: | This issue was published in an advisory released by Secunia <http://www.secunia.com>. |
| Vulnerable: | see list below |
- Opera Software Opera Web Browser 7.23
- Opera Software Opera Web Browser 7.22
- Opera Software Opera Web Browser 7.21
- Opera Software Opera Web Browser 7.20 Beta 1 build 2981
- Opera Software Opera Web Browser 7.20
- Opera Software Opera Web Browser 7.11 j
- Opera Software Opera Web Browser 7.11 b
- Opera Software Opera Web Browser 7.11
- Opera Software Opera Web Browser 7.10
- Opera Software Opera Web Browser 7.0 win32 Beta 2
- Opera Software Opera Web Browser 7.0 win32 Beta 1
- Opera Software Opera Web Browser 7.0 win32
- Opera Software Opera Web Browser 7.0 3win32
- Opera Software Opera Web Browser 7.0 2win32
- Opera Software Opera Web Browser 7.0 1win32
| Not Vulnerable: | |
Discussion
A vulnerability has been reported in Opera that may allow files to be misrepresented to client users. The reported vulnerability involves specifying the CLSID for HTML applications in the name of a malicious file, followed by another file name and extension.
This issue could be exploited to disguise executable content in the form of an HTML application (HTA) file as a file type that may appear innocuous to a victim user, such as a media file. The file will appear to be of an attacker-specified type in the file download dialog presented to the user. The user may then download/open that file under the assumption it is safe, which could result in execution of malicious code on the client system in the context of the victim user. A proof-of-concept was released which creates an embedded web interface to play a media file, which could further convince the user to open the malicious HTML application.
Opera 7.x releases have been reported to be prone to this issue; other versions could be affected as well.
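As an added illustration, not part of the original advisory or of the Secunia test page, the following Python check is the kind of filter a download gateway or mail scanner could apply to a proposed filename: it flags any registry-style CLSID segment, reports the extension a user would see once the CLSID segment is hidden, and recognizes the HTA handler's CLSID. The `Content-Disposition` value and the filenames below are constructed sample input.

```python
import re
from typing import Optional

# Registry-style CLSID, e.g. {01234567-89ab-cdef-0123-456789abcdef}.
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\}")

# CLSID of the HTML Application (HTA) handler referred to in the advisory.
HTA_CLSID = "{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}"


def content_disposition_filename(header: str) -> Optional[str]:
    """Minimal extraction of the filename parameter from a Content-Disposition value."""
    m = re.search(r'filename\s*=\s*"?([^";]+)"?', header, re.IGNORECASE)
    return m.group(1).strip() if m else None


def find_clsid(filename: str) -> Optional[str]:
    """Return the first CLSID segment embedded in the filename (lower-cased), or None."""
    m = CLSID_RE.search(filename)
    return m.group(0).lower() if m else None


def apparent_extension(filename: str) -> str:
    """Extension the user would see once CLSID segments are removed from the name."""
    stripped = CLSID_RE.sub("", filename).rstrip(".")
    return stripped.rsplit(".", 1)[1].lower() if "." in stripped else ""


def assess_download_name(filename: str) -> dict:
    """Classify a proposed download name: any embedded CLSID is treated as suspicious."""
    clsid = find_clsid(filename)
    return {
        "filename": filename,
        "apparent_extension": apparent_extension(filename),
        "clsid": clsid,
        "suspicious": clsid is not None,
        "is_hta": clsid == HTA_CLSID,
    }


if __name__ == "__main__":
    # Constructed sample header: looks like a media file, carries the HTA CLSID.
    sample = 'attachment; filename="trailer.avi.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"'
    name = content_disposition_filename(sample)
    print(assess_download_name(name))
```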
Exploit / POC
A proof of concept can be found at the following location:
http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
References:
- Opera Browser File Download Extension Spoofing (Secunia)
- Opera Web Browser Home Page (Opera Software)