DLL Search Order Hijacking in Opera Browser
CVE-2018-18913

7.8HIGH

Key Information:

Vendor: Opera
Status: Opera Browser
Vendor: CVE Published:; 21 March 2019

Summary

Opera Browser prior to version 57.0.3098.106 is susceptible to a DLL Search Order hijacking vulnerability. This flaw allows an attacker to craft a ZIP archive containing an HTML page paired with a malicious DLL file. When the compromised document is executed, the browser searches its system directory for the required DLLs—specifically shcore.dll and dcomp.dll. This behavior can inadvertently facilitate an attacker in executing arbitrary code, potentially leading to full system control. Users of affected versions are advised to update their browsers immediately to mitigate any security risks associated with this vulnerability.

References

https://lucideustech.blogspot.com/2019/02/opera-search-or...

x_refsource_MISC

https://blogs.opera.com/desktop/changelog-for-57/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 21, 2019
Vulnerability Reserved
Nov 2, 2018