Archive for August 2012

[CVE-2012-6460] Truncated dialogs may be used to trick users


Advisory: Truncated dialogs may be used to trick users


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6460


UPDATE Link: http://www.opera.com/fr/security/advisory/1028


Announced: August 27, 2012
Reporter: Security researcher Jordi Chancel
Impact: Low
Products: Opera
Fixed in: Opera 12.02 and Opera 11.67


Description

When an important dialog is being displayed, such as a download dialog, the entire dialog should be visible, so that the user can clearly see what the dialog’s buttons will do. In some cases, specific user interactions can cause Opera not to enforce this correctly, allowing the window to become smaller than the dialog. The edge of the window remains visible, but users may assume misleading buttons on an underlying page are part of the dialog buttons, and click on the part of the dialog’s buttons that are still visible. This can be used to cause the user to download and run executables unexpectedly, or perform other unwanted actions.

Opera’s Response

Opera Software has released Opera 12.02 and Opera 11.67, where this issue has been fixed.


Credits

I haven’t been credited for this vulnerability, because I had written a blog post which disclosed the explanation of this security bug.


  • Demonstration video:


-Security Researcher Jordi Chancel

[CVE-2012-4143] Small windows can be used in several ways to trick users into executing downloads


Advisory: Small windows can be used in several ways to trick users into executing downloads


CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4143


UPDATE Link: http://www.opera.com/fr/security/advisory/1027


Announced: August 1, 2012
Reporter: Security researcher Jordi Chancel
Impact: High
Products: Opera
Fixed in: Opera 12.01 and Opera 11.66


Description

When the download dialog is displayed, it should always be visible to the user, to ensure that the user realizes it is there. If the dialog is displayed in a small enough window, the user may not realize it is being displayed, and if the right keyboard sequence is carefully followed, they can end up running a downloaded executable. Additional social engineering steps are needed to ensure that the user presses the correct key sequence, without being able to show any relevant visual feedback, as the page cannot see that the keys are being pressed.

Multiple ways of generating too small windows existed in Opera.
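
Both advisories on this page come down to one invariant: a security dialog's buttons should only accept input while the whole dialog sits inside an on-screen window. The sketch below is an added example of enforcing that invariant; it is not Opera's code and does not describe how Opera fixed these issues. The function names, the 8-pixel margin and the 1000 ms arming delay are assumptions made for illustration.

```javascript
// Added illustration (not Opera's code). Rects are {x, y, width, height} in screen pixels.
const MARGIN = 8;          // assumed: window area that must surround the dialog
const ARM_DELAY_MS = 1000; // assumed: time the dialog must be fully visible before input counts

const right = (r) => r.x + r.width;
const bottom = (r) => r.y + r.height;

// True when `outer` contains `inner` with `margin` pixels to spare on every side.
function contains(outer, inner, margin = 0) {
  return inner.x >= outer.x + margin && inner.y >= outer.y + margin &&
         right(inner) <= right(outer) - margin && bottom(inner) <= bottom(outer) - margin;
}

// The dialog counts as visible only if the window holds all of it and the window is on screen.
function dialogFullyVisible(win, dlg, display) {
  return contains(win, dlg, MARGIN) && contains(display, win);
}

// Correct a requested window geometry that would be smaller than the dialog:
// grow it to hold the dialog plus margin, then shift it back onto the display.
function clampWindowForDialog(requested, dlgSize, display) {
  const width = Math.min(Math.max(requested.width, dlgSize.width + 2 * MARGIN), display.width);
  const height = Math.min(Math.max(requested.height, dlgSize.height + 2 * MARGIN), display.height);
  const x = Math.min(Math.max(requested.x, display.x), right(display) - width);
  const y = Math.min(Math.max(requested.y, display.y), bottom(display) - height);
  return { x, y, width, height };
}

// Gate for clicks and key presses aimed at the dialog's buttons.
// `visibleSinceMs` is when the dialog last became fully visible (null if it is not).
function mayActivate(win, dlg, display, visibleSinceMs, nowMs) {
  if (!dialogFullyVisible(win, dlg, display)) return false; // truncated or off screen
  return visibleSinceMs !== null && nowMs - visibleSinceMs >= ARM_DELAY_MS;
}

// Constructed sample: a 100x60 window, partly off screen, asked to host a 400x200 dialog.
const display = { x: 0, y: 0, width: 1280, height: 800 };
const tiny = { x: 1250, y: 780, width: 100, height: 60 };
const fixed = clampWindowForDialog(tiny, { width: 400, height: 200 }, display);
const dlg = { x: fixed.x + MARGIN, y: fixed.y + MARGIN, width: 400, height: 200 };
console.log(fixed, mayActivate(fixed, dlg, display, 0, 1500));
```

The arming delay covers the keyboard case from the second advisory: keystrokes that arrive before the user has had time to see the dialog are ignored.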


Opera’s Response

Opera Software has released Opera 12.01 and Opera 11.66, where this issue has been fixed.


Credits

Thanks to Jordi Chancel for reporting this issue to Opera Software.


  • Demonstration video:


-Security Researcher Jordi Chancel