Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1491 — Browser vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

25.9%

top 3.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Opera Browser KDE Suse Linux

Timeline

PublishedDec 31

Latest updateApr 29

Description

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDopera/opera_browser7.54

▶NVDkde/kde3.2.3

▶NVDsuse/suse_linux27 versions+26

Patches

Patch: secunia.com ↗Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2hfm-w8q2-965h: Opera 7↗2022-04-29

▶

CVEList

CVE-2004-1491: Opera 7↗2005-02-17

▶

💥Exploits & PoCs

Exploit-DB

Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution↗2004-12-13

▶