SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips
 

Vulnerability Note VU#882926

Opera may insecurely execute binary data encoded in a URI

Overview

The Opera web browser fails to validate data encoded using the RFC 2397 scheme. A remote attacker may be able to execute arbitrary code on a vulnerable system.

I. Description

The Opera web browser fails to properly handle binary data encoded following the RFC 2397 specification for sending data in a URI. According to RFC 2397, binary data can be encoded directly in a URI in the following format:

    data:[<mediatype>][;base64],<data>

Where data is base64 encoded binary data.

If binary data is encoded in a URI following the RFC 2397 scheme, and accessed via an Opera web browser, Opera will prompt the user for the action to take (OPEN, SAVE, or CANCEL). If the user attempts to open the binary data with Opera, the data should open with an application the user chooses or the default application if one isn't specified. However, Opera executes the binary data directly (if the binary data is executable).

In addition, security software such as anti-virus and content scanning applications, may not detect malicious content encoded with the RFC 2397 scheme. Consequently, the scanning software may allow the malicious content into the system.

II. Impact

If a remote attacker can convince a user to access a specially crafted web page or HTML email, that attacker may be able to run an arbitrary code on the users system.

III. Solution

We are not aware a practical solution at this time. Consider the following Workaround:

Do Not Follow Unsolicited Links

In order to convince users to visit their sites, attackers often use URL encoding, IP address variations, long URLs, intentional misspellings, and other techniques to create misleading links. Do not click on unsolicited links received in email, instant messages, web forums, or internet relay chat (IRC) channels. Type URLs directly into the browser to avoid these misleading links. While these are generally good security practices, following these behaviors will not prevent exploitation of this vulnerability in all cases.

Systems Affected

VendorStatusDate NotifiedDate Updated
Opera SoftwareUnknown20-Jan-2005

References


http://secunia.com/advisories/13818/
http://www.ietf.org/rfc/rfc2397.txt

Credit

This vulnerability was reported by Michael Holzt.

This document was written by Jeff Gennari.

Other Information

Date Public:2005-01-11
Date First Published:2005-01-21
Date Last Updated:2005-02-03
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:12.24
Document Revision:168

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader