Archive for March 2012

[CVE-2012-1925] Overlapping content can trick users into executing downloads


Advisory: Overlapping content can trick users into executing downloads


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1925


UPDATE Link: http://www.opera.com/fr/security/advisory/1011


Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: High
Products: Opera
Fixed in: Opera 11.62


Description

Dialogs such as the download dialog are usually displayed on top of page content, to ensure that the user knows that the dialog is requesting attention. In some cases, this policy was not implemented correctly in Opera, allowing certain page content to overlay the dialog. In these cases, clicking the page content causes the dialog to be clicked instead. While an attacker may not have much control over the appearance of the overlapping content, they may be able to use it to trick the user into performing harmful actions, such as running a downloaded executable.

Opera’s Response

Opera Software has released Opera 11.62, where this issue has been fixed.


Credits

Thanks to Jordi Chancel for reporting this issue to Opera Software.


  • Demonstration video:


-Security Researcher Jordi Chancel

[CVE-2012-1924] Small windows can be used to trick users into executing downloads


Advisory: Small windows can be used to trick users into executing downloads


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1924


UPDATE Link: http://www.opera.com/fr/security/advisory/1010


Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: High
Products: Opera
Fixed in: Opera 11.62


Description

When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they can end up running a downloaded executable. Additional social engineering steps are needed to ensure that the user presses the correct key sequence, without being able to show any relevant visual feedback, as the page cannot see that the keys are being pressed.

Opera’s Response

Opera Software has released Opera 11.62, where this issue has been fixed.


Credits

Thanks to Jordi Chancel for reporting this issue to Opera Software.


  • Demonstration video:


-Security Researcher Jordi Chancel

[CVE-2012-1928] Carefully timed reloads and redirects can spoof the address field


Advisory: Carefully timed reloads and redirects can spoof the address field


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1928


UPDATE Link: http://www.opera.com/fr/security/advisory/1014


Announced: March 26, 2012
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 11.62


Description

The address field should always show the address of the page that is being displayed. In certain cases, if a target site responds slowly, reloading an attacking page and redirecting to the target page can cause the address field to show the target site’s address, while the attacking site is still being displayed.

Opera’s Response

Opera Software has released Opera 11.62, where this issue has been fixed.


Credits

Thanks to Jordi Chancel for reporting this issue to Opera Software.


  • Demonstration video:


-Security Researcher Jordi Chancel