s0nIc
February 16th, 2002, 12:37 AM
Opera Content-Type HTML File Execution Vulnerability
Opera does not properly handle files based on the Content-Type specified. If HTML tags are included in the body of a file, Opera will not handle the file according to the Content-Type. For example: A file has the Content-Type text/plain and contains HTML tags in the file, Opera will execute the file as a HTML type rather than a text file.
It is possible to create a malicious web page containing arbitrary script code. When a legitimate user browses the malicious page, the script code could be executed in the user's browser.
Remote:Yes
Exploit: No exploit code is required to take advantage of this issue.
Vulnerable: Opera Software Opera Web Browser 6.0.1win32
Opera does not properly handle files based on the Content-Type specified. If HTML tags are included in the body of a file, Opera will not handle the file according to the Content-Type. For example: A file has the Content-Type text/plain and contains HTML tags in the file, Opera will execute the file as a HTML type rather than a text file.
It is possible to create a malicious web page containing arbitrary script code. When a legitimate user browses the malicious page, the script code could be executed in the user's browser.
Remote:Yes
Exploit: No exploit code is required to take advantage of this issue.
Vulnerable: Opera Software Opera Web Browser 6.0.1win32