Vulnerability Name: | CVE-2004-1491 (CCN-18457) |
Assigned: | 2004-12-12 |
Published: | 2004-12-12 |
Updated: | 2022-02-28 |
Summary: | Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
|
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): None Integrity (I): Low Availibility (A): None |
|
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None |
|
Vulnerability Type: | CWE-noinfo
|
Vulnerability Consequences: | Gain Access |
References: | Source: MITRE Type: CNA CVE-2004-1491
Source: SUSE Type: Third Party Advisory, Vendor Advisory SUSE-SR:2005:008
Source: CCN Type: SA13447 Opera Default Application "kfmclient exec" Security Issue
Source: SECUNIA Type: Broken Link, Patch 13447
Source: CCN Type: GLSA-200502-17 Opera: Multiple vulnerabilities
Source: GENTOO Type: Patch, Third Party Advisory, Vendor Advisory GLSA-200502-17
Source: CCN Type: Opera Download Web page Download Opera Web browser
Source: CONFIRM Type: Broken Link http://www.opera.com/linux/changelogs/754u2/
Source: CCN Type: OSVDB ID: 12399 Opera for Linux kfmclient Arbitrary Command Execution
Source: BID Type: Broken Link, Patch, Third Party Advisory, VDB Entry 11901
Source: CCN Type: BID-11901 Opera Web Browser KDE KFMCLIENT Remote Command Execution Vulnerability
Source: CCN Type: Zone-H Security Advisory ZH2004-19SA Possible execution of remote shell commands in Opera with kfmclient.
Source: MISC Type: Third Party Advisory, Vendor Advisory http://www.zone-h.org/advisories/read/id=6503
Source: XF Type: Third Party Advisory, VDB Entry pera-kfmclient-command-execution(18457)
Source: XF Type: UNKNOWN opera-kfmclient-command-execution(18457)
Source: SUSE Type: SUSE-SR:2005:008 SUSE Security Summary Report
|
Vulnerable Configuration: | Configuration 1: cpe:/a:opera:opera_browser:*:*:*:*:*:*:*:* (Version <= 7.54) Configuration 2: cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*OR cpe:/o:kde:kde:3.2.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:1.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:2.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:3.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:4.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:4.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:4.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:4.4:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:4.4.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:5.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:5.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:5.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:5.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.1:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.3:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:6.4:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.0:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.1:alpha:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:7.3:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:* Configuration CCN 1: cpe:/a:opera:opera_browser:7.54:*:*:*:*:*:*:*AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* Denotes that component is vulnerable |
BACK |