Vulnerabilities > CVE-2005-2407 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Opera Browser

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

opera

CWE-1021

nessus

NVD

Published: 2005-08-01

Updated: 2022-02-28

Summary

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".

Vulnerable Configurations

Part	Description	Count
Application	Opera Opera Opera Browser 1.00 Opera Opera Browser 2.00 Opera Opera Browser 2.10 Opera Opera Browser 2.12 Opera Opera Browser 3.00 Opera Opera Browser 3.10 Opera Opera Browser 3.21 Opera Opera Browser 3.50 Opera Opera Browser 3.51 Opera Opera Browser 3.60 Opera Opera Browser 3.61 Opera Opera Browser 3.62 Opera Opera Browser 4.00 Opera Opera Browser 4.01 Opera Opera Browser 4.02 Opera Opera Browser 5.0 Opera Opera Browser 5.02 Opera Opera Browser 5.10 Opera Opera Browser 5.11 Opera Opera Browser 5.12 Opera Opera Browser 6.0 Opera Opera Browser 6.01 Opera Opera Browser 6.1 Opera Opera Browser 6.02 Opera Opera Browser 6.03 Opera Opera Browser 6.04 Opera Opera Browser 6.05 Opera Opera Browser 6.06 Opera Opera Browser 6.10 Opera Opera Browser 6.11 Opera Opera Browser 6.12 Opera Opera Browser 7.0 Opera Opera Browser 7.01 Opera Opera Browser 7.02 Opera Opera Browser 7.03 Opera Opera Browser 7.10 Opera Opera Browser 7.11 Opera Opera Browser 7.20 Opera Opera Browser 7.21 Opera Opera Browser 7.22 Opera Opera Browser 7.23 Opera Opera Browser 7.30 Opera Opera Browser 7.50 Opera Opera Browser 7.51 Opera Opera Browser 7.52 Opera Opera Browser 7.53 Opera Opera Browser 7.54 Opera Opera Browser 7.55 Opera Opera Browser 7.60 Opera Opera Browser 8.0 Opera Opera Browser 8.00 Opera Opera Browser 8.01	88

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Nessus

NASL family	Windows
NASL id	OPERA_802.NASL
description	The remote host is using Opera, an alternative web browser. The version of Opera installed on the remote host contains several flaws. One involves imaging dragging and could result in cross-site scripting attacks and user file retrieval. A second may let attackers spoof the file extension in the file download dialog provided the
last seen	2020-06-01
modified	2020-06-02
plugin id	19312
published	2005-07-29
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19312
title	Opera < 8.02 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(19312); script_version("1.21"); script_cve_id("CVE-2005-2405", "CVE-2005-2406", "CVE-2005-2407"); script_bugtraq_id(14402, 14410, 15835); script_name(english:"Opera < 8.02 Multiple Vulnerabilities"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser which is affected by multiple issues." ); script_set_attribute(attribute:"description", value: "The remote host is using Opera, an alternative web browser. The version of Opera installed on the remote host contains several flaws. One involves imaging dragging and could result in cross-site scripting attacks and user file retrieval. A second may let attackers spoof the file extension in the file download dialog provided the 'Arial Unicode MS' font has been installed, which is the case with various Microsoft Office products. And a third is a design error in the processing of mouse clicks in new browser windows that may be exploited to trick a user into downloading and executing arbitrary programs on the affected host." ); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/advisories/15756/" ); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/advisories/15870/" ); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2005-19/advisory/" ); script_set_attribute(attribute:"solution", value: "Upgrade to Opera 8.02 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_publication_date", value: "2005/07/29"); script_set_attribute(attribute:"vuln_publication_date", value: "2005/07/28"); script_cvs_date("Date: 2018/11/15 20:50:28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:opera:opera_browser"); script_end_attributes(); script_summary(english:"Checks for multiple vulnerabilities in Opera < 8.02"); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("opera_installed.nasl"); script_require_keys("SMB/Opera/Version_UI"); exit(0); } # include("global_settings.inc"); version_ui = get_kb_item("SMB/Opera/Version_UI"); if (isnull(version_ui)) exit(0); if (version_ui =~ "^([0-7]\.\|8\.0[01]($\|[^0-9]))") { if (report_verbosity) { report = string( "\n", "Opera version ", version_ui, " is currently installed on the remote host.\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References