Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
| Link | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2005/1789 | vdb entry broken link |
| http://www.securityfocus.com/bid/14880 | vdb entry third party advisory broken link |
| http://secunia.com/secunia_research/2005-42/advisory/ | patch broken link |
| http://www.opera.com/docs/changelogs/windows/850/ | broken link |
| http://www.opera.com/docs/changelogs/linux/850/ | broken link |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22337 | vdb entry third party advisory |
| http://www.securityfocus.com/advisories/9339 | broken link vdb entry third party advisory vendor advisory |
| http://www.osvdb.org/19509 | vdb entry broken link |
| http://marc.info/?l=bugtraq&m=112724692219695&w=2 | third party advisory mailing list |
| http://secunia.com/advisories/16645 | third party advisory patch broken link |