CVE-2004-2083

Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/	Broken Link Vendor Advisory
http://secunia.com/advisories/10760	Broken Link Vendor Advisory
http://www.opera.com/docs/changelogs/windows/750b1/	Broken Link
http://www.osvdb.org/3917	Broken Link
http://www.securityfocus.com/bid/9640	Broken Link Exploit Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/21698	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*

History

28 Feb 2022, 18:01

Type	Values Removed	Values Added
CPE	cpe:2.3:a:opera_software:opera_web_browser:7.22:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.0::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.20_beta1_build2981:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.10:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.21:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.0.2::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.0_beta1::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.20:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.11:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.11b:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.11j:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.0_beta2::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.0.3::win32::::: cpe:2.3:a:opera_software:opera_web_browser:7.23:::::::* cpe:2.3:a:opera_software:opera_web_browser:7.0.1::win32:::::	cpe:2.3:a:opera:opera_browser::::::::
First Time		Opera Opera opera Browser
References	~~(SECUNIA) http://secunia.com/advisories/10760 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/10760 - Broken Link, Vendor Advisory
References	~~(OSVDB) http://www.osvdb.org/3917 -~~	(OSVDB) http://www.osvdb.org/3917 - Broken Link
References	~~(MISC) http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/ - Vendor Advisory~~	(MISC) http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/ - Broken Link, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/9640 - Exploit~~	(BID) http://www.securityfocus.com/bid/9640 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References	~~(CONFIRM) http://www.opera.com/docs/changelogs/windows/750b1/ -~~	(CONFIRM) http://www.opera.com/docs/changelogs/windows/750b1/ - Broken Link
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/21698 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/21698 - Third Party Advisory, VDB Entry
CWE	~~NVD-CWE-Other~~	NVD-CWE-noinfo

Information

Published : 2004-02-11 05:00

Updated : 2023-12-10 10:17

NVD link : CVE-2004-2083

Mitre link : CVE-2004-2083

CVE.ORG link : CVE-2004-2083

JSON object : View

Products Affected

opera

opera_browser

CWE

NVD-CWE-noinfo

2.6 /10