CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html	Third Party Advisory Vendor Advisory
http://secunia.com/advisories/13447/	Broken Link Patch
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml	Patch Third Party Advisory Vendor Advisory
http://www.opera.com/linux/changelogs/754u2/	Broken Link
http://www.securityfocus.com/bid/11901	Broken Link Patch Third Party Advisory VDB Entry
http://www.zone-h.org/advisories/read/id=6503	Third Party Advisory Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18457	Third Party Advisory VDB Entry
http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html	Third Party Advisory Vendor Advisory
http://secunia.com/advisories/13447/	Broken Link Patch
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml	Patch Third Party Advisory Vendor Advisory
http://www.opera.com/linux/changelogs/754u2/	Broken Link
http://www.securityfocus.com/bid/11901	Broken Link Patch Third Party Advisory VDB Entry
http://www.zone-h.org/advisories/read/id=6503	Third Party Advisory Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18457	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:gentoo:linux::::::::
	cpe:2.3:o:kde:kde:3.2.3:::::::*
	cpe:2.3:o:suse:suse_linux:1.0:::::::*
	cpe:2.3:o:suse:suse_linux:2.0:::::::*
	cpe:2.3:o:suse:suse_linux:3.0:::::::*
	cpe:2.3:o:suse:suse_linux:4.0:::::::*
	cpe:2.3:o:suse:suse_linux:4.2:::::::*
	cpe:2.3:o:suse:suse_linux:4.3:::::::*
	cpe:2.3:o:suse:suse_linux:4.4:::::::*
	cpe:2.3:o:suse:suse_linux:4.4.1:::::::*
	cpe:2.3:o:suse:suse_linux:5.0:::::::*
	cpe:2.3:o:suse:suse_linux:5.1:::::::*
	cpe:2.3:o:suse:suse_linux:5.2:::::::*
	cpe:2.3:o:suse:suse_linux:5.3:::::::*
	cpe:2.3:o:suse:suse_linux:6.0:::::::*
	cpe:2.3:o:suse:suse_linux:6.1:::::::*
	cpe:2.3:o:suse:suse_linux:6.1:alpha::::::
	cpe:2.3:o:suse:suse_linux:6.2:::::::*
	cpe:2.3:o:suse:suse_linux:6.3:::::::*
	cpe:2.3:o:suse:suse_linux:6.3:alpha::::::
	cpe:2.3:o:suse:suse_linux:6.4:::::::*
	cpe:2.3:o:suse:suse_linux:6.4:alpha::::::
	cpe:2.3:o:suse:suse_linux:7.0:::::::*
	cpe:2.3:o:suse:suse_linux:7.0:alpha::::::
	cpe:2.3:o:suse:suse_linux:7.1:::::::*
	cpe:2.3:o:suse:suse_linux:7.1:alpha::::::
	cpe:2.3:o:suse:suse_linux:7.2:::::::*
	cpe:2.3:o:suse:suse_linux:7.3:::::::*
	cpe:2.3:o:suse:suse_linux:8.0:::::::*
	cpe:2.3:o:suse:suse_linux:8.1:::::::*
	cpe:2.3:o:suse:suse_linux:8.2:::::::*
	cpe:2.3:o:suse:suse_linux:9.0:::::::*
	cpe:2.3:o:suse:suse_linux:9.1:::::::*
	cpe:2.3:o:suse:suse_linux:9.2:::::::*

History

20 Nov 2024, 23:51

Type	Values Removed	Values Added
References	~~() http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html - Third Party Advisory, Vendor Advisory~~	() http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html - Third Party Advisory, Vendor Advisory
References	~~() http://secunia.com/advisories/13447/ - Broken Link, Patch~~	() http://secunia.com/advisories/13447/ - Broken Link, Patch
References	~~() http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml - Patch, Third Party Advisory, Vendor Advisory~~	() http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml - Patch, Third Party Advisory, Vendor Advisory
References	~~() http://www.opera.com/linux/changelogs/754u2/ - Broken Link~~	() http://www.opera.com/linux/changelogs/754u2/ - Broken Link
References	~~() http://www.securityfocus.com/bid/11901 - Broken Link, Patch, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/11901 - Broken Link, Patch, Third Party Advisory, VDB Entry
References	~~() http://www.zone-h.org/advisories/read/id=6503 - Third Party Advisory, Vendor Advisory~~	() http://www.zone-h.org/advisories/read/id=6503 - Third Party Advisory, Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 - Third Party Advisory, VDB Entry~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 - Third Party Advisory, VDB Entry

28 Feb 2022, 18:18

Type	Values Removed	Values Added
CWE	~~NVD-CWE-Other~~	NVD-CWE-noinfo
References	~~(SUSE) http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html - Vendor Advisory~~	(SUSE) http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html - Third Party Advisory, Vendor Advisory
References	~~(CONFIRM) http://www.opera.com/linux/changelogs/754u2/ -~~	(CONFIRM) http://www.opera.com/linux/changelogs/754u2/ - Broken Link
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 -~~	(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 - Third Party Advisory, VDB Entry
References	~~(MISC) http://www.zone-h.org/advisories/read/id=6503 - Vendor Advisory~~	(MISC) http://www.zone-h.org/advisories/read/id=6503 - Third Party Advisory, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/11901 - Patch~~	(BID) http://www.securityfocus.com/bid/11901 - Broken Link, Patch, Third Party Advisory, VDB Entry
References	~~(GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml - Patch, Vendor Advisory~~	(GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml - Patch, Third Party Advisory, Vendor Advisory
References	~~(SECUNIA) http://secunia.com/advisories/13447/ - Patch, Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/13447/ - Broken Link, Patch
CPE	cpe:2.3:o:suse:suse_linux:9.1::personal::::: cpe:2.3:o:suse:suse_linux:7.1::spa::::: cpe:2.3:o:suse:suse_linux:9.1::x86_64::::: cpe:2.3:o:suse:suse_linux:7.3::ppc::::: cpe:2.3:o:suse:suse_linux:7.3::sparc::::: cpe:2.3:o:suse:suse_linux:8.0::i386::::: cpe:2.3:o:suse:suse_linux:7.3::i386::::: cpe:2.3:o:suse:suse_linux:7.2::i386::::: cpe:2.3:o:suse:suse_linux:9.2::x86_64::::: cpe:2.3:o:suse:suse_linux:7.0::i386::::: cpe:2.3:o:suse:suse_linux:7.1::x86::::: cpe:2.3:o:suse:suse_linux:6.4::i386::::: cpe:2.3:o:suse:suse_linux:7.1::sparc::::: cpe:2.3:o:suse:suse_linux:7.0::ppc::::: cpe:2.3:o:suse:suse_linux:7.0::sparc::::: cpe:2.3:o:suse:suse_linux:6.3::ppc::::: cpe:2.3:o:suse:suse_linux:9.0::personal::::: cpe:2.3:o:suse:suse_linux:6.4::ppc::::: cpe:2.3:o:suse:suse_linux:9.0::x86_64::::: cpe:2.3:o:suse:suse_linux:8.2::personal::::: cpe:2.3:o:suse:suse_linux:9.2::personal::::: cpe:2.3:a:opera_software:opera_web_browser:7.54:::::::*	cpe:2.3:o:suse:suse_linux:9.2:::::::* cpe:2.3:o:suse:suse_linux:8.2:::::::* cpe:2.3:a:opera:opera_browser:::::::: cpe:2.3:o:suse:suse_linux:9.1:::::::* cpe:2.3:o:suse:suse_linux:9.0:::::::*

Information

Published : 2004-12-31 05:00

Updated : 2024-11-20 23:51

NVD link : CVE-2004-1491

Mitre link : CVE-2004-1491

CVE.ORG link : CVE-2004-1491

JSON object : View

Products Affected

opera

opera_browser

gentoo

linux

kde

suse

suse_linux

CWE

NVD-CWE-noinfo

5.0 /10