CVE-2005-2405
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
Opera 8.0.1, cuando está instalado el font Arial Unicode MS, no maneja adecuadamente los caracteres ASCII extendidos en el diálogo de descarga de ficheros, lo que permite que atacantes remotos engañen con las extensiones de ficheros y posiblemente induzcan a los usuarios a ejecutar código arbitrario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2005-07-28 CVE Reserved
- 2005-07-28 CVE Published
- 2024-07-04 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://securitytracker.com/id?1014592 | Broken Link | |
| http://www.securityfocus.com/bid/14402 | Broken Link | |
| http://www.vupen.com/english/advisories/2005/1251 | Broken Link | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/21784 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/15870 | 2022-02-28 | |
| http://www.opera.com/linux/changelogs/802 | 2022-02-28 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Opera Search vendor "Opera" | Opera Browser Search vendor "Opera" for product "Opera Browser" | 8.01 Search vendor "Opera" for product "Opera Browser" and version "8.01" | - |
Affected
| ||||||