Vulnerability Disclosure: Vivaldi installer for Windows could run arbitrary downloaded code (JVN#71572107)

Recently, JP-CERT, the Japanese security vulnerability clearing house, brought to our attention a security vulnerability when they forwarded information about a problem in Vivaldi’s installer for Windows.

security-vulnerability-disclosure

Recently, JP-CERT, the Japanese security vulnerability clearing house, brought to our attention a security vulnerability when they forwarded information about a problem in Vivaldi’s installer for Windows.

The installer for Vivaldi on Windows for releases prior to version 1.7.735.48 could run arbitrary applications if an attacker had previously tricked the user into downloading an executable into the same directory as the installer had been downloaded to, which is the default action when downloading files. Vivaldi 1.7.735.48 fixed this issue.

Additionally, the delta upgrade mechanism also had this issue, provided that the user had been tricked into downloading the executable into the correct subdirectory of the folder where Vivaldi is installed. This scenario is very low probability, since this folder is not easily accessed and tricking the user would require extensive social engineering by the attacker. This issue was fixed with the release of Vivaldi 1.8 by performing version upgrades downloading the full installer, rather than the normal delta upgrades which were disabled in the update cycle for the release of Vivaldi 1.8.770.50.

Credit:

  • Eiji James Yoshida of Security Professionals Network Inc. via IPA/JP-CERT advisory JVN#71572107

References: