‘Opera Download Dialog File Execution Security Vulnerability’


A security issue in Opera allows malicious people to compromise a vulnerable system.’


‘The information has been provided by Jakob Balle and Sven Krewitt.
The original article can be found at: http://secunia.com/secunia_research/2010-110/


Vulnerable Systems:
 * Opera version 10.53
 * Opera version 10.54
 * Opera version 10.60

Immune Systems:
 * Opera version 10.61

The ‘Download’ dialog provides the option to run a downloadable executable at a predictable location in the browser window. This can be exploited to trick a user into clicking on the ‘Run’ button by positioning a new window on top of the ‘Download’ dialog that is closed e.g. via a timeout shortly before the user clicks on a link within this window.

CVE Information:

Disclosure Timeline:
15/07/2010 – Vendor notified.
15/07/2010 – Vendor response.
12/08/2010 – Public disclosure.’

Categories: News