Intrusion Prevention

Telnet.URI.Handler.File.Creation

Description

This indicates an attempt to exploit an arbitrary file creation/modification vulnerability in Opera.
The vulnerability is due to a failure of the application to properly filter '-' character preceding the hostname in a telnet URI. It may allow a remote attacker to overwrite arbitrary files.

Affected Products

Opera Software Opera Web Browser 7.23
Omni Group OmniWeb 4.5
Omni Group OmniWeb 4.1 beta11
Omni Group OmniWeb 4.0.6
Mozilla Firefox 0.8
Microsoft Internet Explorer 6.0 SP1 and below
MacWarriors TrailBlazer 0.52
KDE kdelibs 3.2.2 and below
iCab Company iCab Pre 2.71
iCab Company iCab Pre 2.7
iCab Company iCab 2.9.8
Apple Safari 1.1
Apple Safari 1.0
Apple Safari Beta 2

Impact

Arbitrary file creation/modification

Recommended Actions

Opera has fixed this issue, please update it:
http://www.opera.com/download/

CVE References

CVE-2004-0473