Vulnerability Name:

CVE-2004-1491 (CCN-18457)

Assigned:2004-12-12
Published:2004-12-12
Updated:2022-02-28
Summary:Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-1491

Source: SUSE
Type: Third Party Advisory, Vendor Advisory
SUSE-SR:2005:008

Source: CCN
Type: SA13447
Opera Default Application "kfmclient exec" Security Issue

Source: SECUNIA
Type: Broken Link, Patch
13447

Source: CCN
Type: GLSA-200502-17
Opera: Multiple vulnerabilities

Source: GENTOO
Type: Patch, Third Party Advisory, Vendor Advisory
GLSA-200502-17

Source: CCN
Type: Opera Download Web page
Download Opera Web browser

Source: CONFIRM
Type: Broken Link
http://www.opera.com/linux/changelogs/754u2/

Source: CCN
Type: OSVDB ID: 12399
Opera for Linux kfmclient Arbitrary Command Execution

Source: BID
Type: Broken Link, Patch, Third Party Advisory, VDB Entry
11901

Source: CCN
Type: BID-11901
Opera Web Browser KDE KFMCLIENT Remote Command Execution Vulnerability

Source: CCN
Type: Zone-H Security Advisory ZH2004-19SA
Possible execution of remote shell commands in Opera with kfmclient.

Source: MISC
Type: Third Party Advisory, Vendor Advisory
http://www.zone-h.org/advisories/read/id=6503

Source: XF
Type: Third Party Advisory, VDB Entry
pera-kfmclient-command-execution(18457)

Source: XF
Type: UNKNOWN
opera-kfmclient-command-execution(18457)

Source: SUSE
Type: SUSE-SR:2005:008
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version <= 7.54)

  • Configuration 2:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:kde:kde:3.2.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:1.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:5.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:opera:opera_browser:7.54:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    opera opera browser *
    gentoo linux *
    kde kde 3.2.3
    suse suse linux 1.0
    suse suse linux 2.0
    suse suse linux 3.0
    suse suse linux 4.0
    suse suse linux 4.2
    suse suse linux 4.3
    suse suse linux 4.4
    suse suse linux 4.4.1
    suse suse linux 5.0
    suse suse linux 5.1
    suse suse linux 5.2
    suse suse linux 5.3
    suse suse linux 6.0
    suse suse linux 6.1
    suse suse linux 6.1 alpha
    suse suse linux 6.2
    suse suse linux 6.3
    suse suse linux 6.3 alpha
    suse suse linux 6.4
    suse suse linux 6.4 alpha
    suse suse linux 7.0
    suse suse linux 7.0 alpha
    suse suse linux 7.1
    suse suse linux 7.1 alpha
    suse suse linux 7.2
    suse suse linux 7.3
    suse suse linux 8.0
    suse suse linux 8.1
    suse suse linux 8.2
    suse suse linux 9.0
    suse suse linux 9.1
    suse suse linux 9.2
    opera opera browser 7.54
    gentoo linux *