CVE-2005-2405
Opera 8.01 - File Extension Spoofing via Extended ASCII Characters in Download Dialog
Title source: llmDescription
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
References (6)
Core 6
Core References
Broken Link, Patch third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15870
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14402
Broken Link, Patch x_refsource_confirm
http://www.opera.com/linux/changelogs/802/
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1251
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21784
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014592
Scores
EPSS
0.0134
EPSS Percentile
80.2%
Details
CWE
CWE-20
Status
published
Products (1)
opera/opera_browser
8.01
Published
Aug 01, 2005
Tracked Since
Feb 18, 2026