Description
Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.
References (6)
Core 6
Core References
Broken Link x_refsource_confirm
http://www.opera.com/linux/changelogs/750/index.dml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16139
Broken Link third-party-advisory
x_refsource_idefense
http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010142
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-19.xml
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10341
Scores
EPSS
0.0120
EPSS Percentile
79.2%
Details
CWE
CWE-88
Status
published
Products (1)
opera/opera_browser
< 7.50
Published
Jul 07, 2004
Tracked Since
Feb 18, 2026