Description
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Giovanni Delvecchio · textdoslinux
https://www.exploit-db.com/exploits/24828
References (7)
Core 7
Core References
Third Party Advisory, Vendor Advisory vendor-advisory
x_refsource_suse
http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11901
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18457
Third Party Advisory, Vendor Advisory x_refsource_misc
http://www.zone-h.org/advisories/read/id=6503
Patch, Third Party Advisory, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml
Broken Link, Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/13447/
Broken Link x_refsource_confirm
http://www.opera.com/linux/changelogs/754u2/
Scores
EPSS
0.2586
EPSS Percentile
96.3%
Details
Status
published
Products (30)
gentoo/linux
kde/kde
3.2.3
opera/opera_browser
< 7.54
suse/suse_linux
1.0
suse/suse_linux
2.0
suse/suse_linux
3.0
suse/suse_linux
4.0
suse/suse_linux
4.2
suse/suse_linux
4.3
suse/suse_linux
4.4
... and 20 more
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026