Bug 74530 - net-www/opera Default Application "kfmclient exec" Security Issue
Summary: net-www/opera Default Application "kfmclient exec" Security Issue
Status: RESOLVED DUPLICATE of bug 74321
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: C2 [upstream] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2004-12-15 10:32 UTC by Aarni Honka
Modified: 2005-07-17 13:06 UTC

See Also:
Package list:
Runtime testing required: ---


Description Aarni Honka 2004-12-15 10:32:38 UTC
TITLE:
Opera Default Application "kfmclient exec" Security Issue

SECUNIA ADVISORY ID:
SA13447

VERIFY ADVISORY:
http://secunia.com/advisories/13447/

CRITICAL:
Less critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Opera 7.x
http://secunia.com/product/761/

DESCRIPTION:
Giovanni Delvecchio has discovered a security issue in Opera, which
can be exploited by malicious people to compromise a user's system.

The problem is that a file with an unknown MIME type by default is
handled by "kfmclient exec". This can be exploited to execute shell
commands by tricking a user into opening a malicious
shortcut/launcher containing an "Exec" entry.

Successful exploitation requires some user interaction.

The issue has been confirmed on Opera 7.54u1 for Linux. Other
versions may also be affected.

Note: Opera for Windows is not affected.

SOLUTION:
Do not open files from untrusted sources via the "kfmclient exec"
handler.

PROVIDED AND/OR DISCOVERED BY:
Giovanni Delvecchio

ORIGINAL ADVISORY:
http://www.zone-h.org/advisories/read/id=6503
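
A content check for the condition the advisory describes, as an added example that is not part of the original report or of Opera or KDE code: it flags a downloaded file whose content is a launcher with an "Exec" entry before the file is handed to a generic handler such as "kfmclient exec". The function names and sample bytes are constructed; it assumes the freedesktop.org desktop entry layout (a `[Desktop Entry]` or `[Desktop Action ...]` group with an `Exec` key) plus the legacy `[KDE Desktop Entry]` header.

```python
import re

# Group headers that mark launcher content. "Desktop Entry" is the freedesktop.org
# header; "KDE Desktop Entry" is the legacy KDE spelling (both assumed relevant here).
LAUNCHER_GROUPS = ("Desktop Entry", "KDE Desktop Entry")
GROUP_RE = re.compile(r"\[([^\[\]]+)\]")


def launcher_exec_entries(data):
    """Return every Exec value found inside a launcher group of `data` (bytes)."""
    text = data.decode("utf-8", errors="replace").lstrip("\ufeff")
    group, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = GROUP_RE.fullmatch(line)
        if header:
            group = header.group(1)
            continue
        # "Desktop Action <name>" groups may carry their own Exec key as well.
        in_launcher = group in LAUNCHER_GROUPS or (group or "").startswith("Desktop Action ")
        key, sep, value = line.partition("=")
        if in_launcher and sep and key.strip() == "Exec":
            found.append(value.strip())
    return found


def safe_for_generic_handler(data):
    """False when the content is a launcher with an Exec entry, whatever the file is named."""
    return not launcher_exec_entries(data)


# Constructed samples: a harmless launcher saved under an unrelated name, and a
# text file that merely mentions "Exec=" outside any launcher group.
SAMPLE_LAUNCHER = b"[Desktop Entry]\nType=Application\nName=Report\nExec = xmessage constructed-sample\n"
SAMPLE_TEXT = b"Notes on launchers\nExec=this line is prose, not a launcher key\n"

if __name__ == "__main__":
    for name, blob in (("report.xyz", SAMPLE_LAUNCHER), ("notes.xyz", SAMPLE_TEXT)):
        verdict = "ok" if safe_for_generic_handler(blob) else "launcher with Exec: do not open"
        print(name, "->", verdict, launcher_exec_entries(blob))
```

The check looks at content rather than the file name, since the advisory's trigger is a file whose MIME type the browser does not recognise.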
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-12-15 12:16:17 UTC
If I am not mistaken...

*** This bug has been marked as a duplicate of 74321 ***