Malicious DLL files can be unintentionally loaded and allowed to run arbitrary code – Opera Security Advisories




Opera uses dynamic link libraries (DLLs) of its own, and several provided by the host operating system or plug-ins. In some cases, Opera searches for these DLLs in the same location as a resource that is being loaded, and if a malicious DLL is located, it will load that as if it were a trusted DLL. The code in the DLL will then be executed.

If another application can be made to launch Opera in such a way that it searches for DLLs in that location, it will allow remote code execution. To place a malicious DLL in a location that Opera will search, additional techniques will have to be employed.

Affected versions

This issue affects Opera for Microsoft Windows.

Opera’s response

Opera Software has released Opera 10.62, where this issue has been fixed.