CVE-2004-0473Argument Injection in Browser

CWE-88Argument Injection4 documents4 sources
Severity
2.6LOWNVD
EPSS
1.2%
top 21.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedJul 7
Latest updateApr 29

Description

Argument injection vulnerability in Opera before 7.50 does not properly filter "-" characters that begin a hostname in a telnet URI, which allows remote attackers to insert options to the resulting command line and overwrite arbitrary files via (1) the "-f" option on Windows XP or (2) the "-n" option on Linux.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-56vw-hr2p-ff5f: Argument injection vulnerability in Opera before 72022-04-29
CVEList
CVE-2004-0473: Argument injection vulnerability in Opera before 72004-05-20

📐Framework References

1
CWE
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2004-0473 — Argument Injection in Opera Browser | cvebase