Opera < 10.62 Path Subversion Arbitrary DLL Injection Code Execution

This script is Copyright (C) 2010-2012 Tenable Network Security, Inc.


Synopsis :

The remote host contains a web browser that allows arbitrary code
execution.

Description :

The version of Opera installed on the remote host is earlier than
10.62. Such versions insecurely look in their current
working directory when resolving DLL dependencies, such as for
'dwmapi.dll'

If another application can be made to launch Opera in such a way that
it searches for DLLs in the same location as a resource that is being
loaded, it will allow remote code execution.

See also :

http://www.opera.com/docs/changelogs/windows/1062/
http://www.opera.com/support/kb/view/970/

Solution :

Upgrade to Opera 10.62 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 49174 ()

Bugtraq ID: 42663

CVE ID: CVE-2010-5227

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now