CVE-2004-0473

Sažetak

Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.

Reference

http://www.opera.com/linux/changelogs/750/index.dml
http://security.gentoo.org/glsa/glsa-200405-19.xml
http://www.securityfocus.com/bid/10341
http://securitytracker.com/id?1010142
http://www.idefense.com/application/poi/display?id=104&type=vulnerabilities
https://exchange.xforce.ibmcloud.com/vulnerabilities/16139

CVSS

Base:	2.6
Impact:	2.9
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:H/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

28-02-2022 - 17:20

Objavljeno

07-07-2004 - 04:00