Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0473

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2004-0473
Last Modified 10 Sep 2008 03:26:35
Published 07 Jul 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-0473

Summary

Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.

Vulnerable Systems

Application

  • Opera Software Opera Web Browser 9.10


References

CONFIRM - http://www.opera.com/linux/changelogs/750/index.dml

GENTOO - GLSA-200405-19

XF - opera-telnet-file-overwrite(16139)

BID - 10341

IDEFENSE - 20040512 Opera Telnet URI Handler File Creation/Truncation Vulnerability

SECTRACK - 1010142


Last Updated: 27 May 2016 10:38:37