CVE-2004-1491 — MEDIUM (5.0)

Q: What is CVE-2004-1491?

CVE-2004-1491 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

Q: How severe is CVE-2004-1491?

CVE-2004-1491 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2004-1491?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser, Gentoo Linux, Kde Kde, Suse Suse Linux.

Vulnerability Description

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Opera	Opera Browser	<= 7.54
Gentoo	Linux	All versions
Kde	Kde	3.2.3
Suse	Suse Linux	1.0

References

http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.htmlThird Party AdvisoryVendor Advisory
http://secunia.com/advisories/13447/Broken LinkPatch
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xmlPatchThird Party AdvisoryVendor Advisory
http://www.opera.com/linux/changelogs/754u2/Broken Link
http://www.securityfocus.com/bid/11901Broken LinkPatchThird Party Advisory
http://www.zone-h.org/advisories/read/id=6503Third Party AdvisoryVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18457Third Party AdvisoryVDB Entry
http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.htmlThird Party AdvisoryVendor Advisory
http://secunia.com/advisories/13447/Broken LinkPatch
http://www.gentoo.org/security/en/glsa/glsa-200502-17.xmlPatchThird Party AdvisoryVendor Advisory
http://www.opera.com/linux/changelogs/754u2/Broken Link
http://www.securityfocus.com/bid/11901Broken LinkPatchThird Party Advisory
http://www.zone-h.org/advisories/read/id=6503Third Party AdvisoryVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18457Third Party AdvisoryVDB Entry

FAQ

What is CVE-2004-1491?

CVE-2004-1491 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

How severe is CVE-2004-1491?

CVE-2004-1491 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2004-1491?

Check the references section above for vendor advisories and patch information. Affected products include: Opera Opera Browser, Gentoo Linux, Kde Kde, Suse Suse Linux.