Vulnerability Note VU#882926
Opera may insecurely execute binary data encoded in a URI
The Opera web browser fails to validate data encoded using the RFC 2397 scheme. A remote attacker may be able to execute arbitrary code on a vulnerable system.
The Opera web browser fails to properly handle binary data encoded following the RFC 2397 specification for sending data in a URI. According to RFC 2397, binary data can be encoded directly in a URI in the following format:
If binary data is encoded in a URI following the RFC 2397 scheme, and accessed via an Opera web browser, Opera will prompt the user for the action to take (OPEN, SAVE, or CANCEL). If the user attempts to open the binary data with Opera, the data should open with an application the user chooses or the default application if one isn't specified. However, Opera executes the binary data directly (if the binary data is executable).
In addition, security software such as anti-virus and content scanning applications, may not detect malicious content encoded with the RFC 2397 scheme. Consequently, the scanning software may allow the malicious content into the system.
If a remote attacker can convince a user to access a specially crafted web page or HTML email, that attacker may be able to run an arbitrary code on the users system.
We are not aware a practical solution at this time. Consider the following Workaround:
Do Not Follow Unsolicited Links
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Opera Software||Unknown||-||20 Jan 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by Michael Holzt.
This document was written by Jeff Gennari.
- CVE IDs: Unknown
- Date Public: 11 Jan 2005
- Date First Published: 21 Jan 2005
- Date Last Updated: 03 Feb 2005
- Severity Metric: 12.24
- Document Revision: 168
If you have feedback, comments, or additional information about this vulnerability, please send us email.