This issue affects Opera for Microsoft Windows.
Opera’s downloads manager allows users to select a file, and open the folder containing that file. This file will be opened using the operating system’s file system viewer. In some cases, Opera will use the wrong executable when trying to show the folder view, and that executable may execute code of the attacker’s choice.
Several manual steps are needed to exploit the issue, requiring very significant social engineering. Steps include populating a folder on disk with an executable, starting Opera in a particular manner, downloading a file to a particular location and performing specific actions on that file.
Opera Software has released Opera 11.01, where this issue has been fixed.
Thanks to Makoto Shiotsuki for reporting this issue.
Related external advisories