CVE-2005-3006

Sažetak

The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames.

Reference

http://marc.info/?l=bugtraq&m=112724692219695&w=2
http://secunia.com/advisories/16645
http://secunia.com/secunia_research/2005-42/advisory/
http://www.opera.com/docs/changelogs/linux/850/
http://www.opera.com/docs/changelogs/windows/850/
http://www.osvdb.org/19508
http://www.securityfocus.com/advisories/9339
http://www.securityfocus.com/bid/14880
http://www.vupen.com/english/advisories/2005/1789
https://exchange.xforce.ibmcloud.com/vulnerabilities/22335

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:33

Objavljeno

21-09-2005 - 20:03