CVE-2005-2405

Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.

Published: Aug 1, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-2405
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
opera / opera_browser	8.01	8.01.x

http://secunia.com/advisories/15870
http://securitytracker.com/id?1014592
http://www.opera.com/linux/changelogs/802/
http://www.securityfocus.com/bid/14402
http://www.vupen.com/english/advisories/2005/1251
https://exchange.xforce.ibmcloud.com/vulnerabilities/21784

Vulnerability Database

289,697

CVE-2005-2405