Secunia Research: Opera Download Dialog Spoofing Vulnerability

======================================================================

                     Secunia Research 10/12/2004

           - Opera Download Dialog Spoofing Vulnerability -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerability.........................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
About Secunia........................................................7
Verification.........................................................8

======================================================================
1) Affected Software

Opera 7.54 for Windows

Prior versions may also be vulnerable.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Spoofing
Where:  From remote

======================================================================
3) Description of Vulnerability

Secunia Research has discovered a vulnerability in Opera, which can be
exploited by malicious people to trick users into executing malicious
files.

The vulnerability is caused due to the filename and the "Content-Type"
header not being sufficiently validated before being displayed in the
file download dialog. This can be exploited to spoof file types in the
download dialog by passing specially crafted "Content-Disposition" and
"Content-Type" headers containing dots and ASCII character code 160.

Successful exploitation may result in users being tricked into
executing a malicious file via the download dialog.

The vulnerability has been confirmed on Opera 7.54 for Windows. Other
versions may also be affected.

======================================================================
4) Solution

Update to version 7.54u1.
http://www.opera.com/download/

======================================================================
5) Time Table

25/10/2004 - Vulnerability discovered.
01/11/2004 - Vendor notified.
01/11/2004 - Vendor confirms the vulnerability.
10/12/2004 - Public disclosure.

======================================================================
6) Credits

Discovered by Andreas Sandblad, Secunia Research.

======================================================================
7) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia web site:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
8) Verification

Please verify this advisory by visiting the Secunia web site:
http://secunia.com/secunia_research/2004-19/advisory/

======================================================================