Opera < 10.62 Path Subversion Arbitrary DLL Injection Code Execution
High Nessus Plugin ID 49174
SynopsisThe remote host contains a web browser that allows arbitrary code execution.
DescriptionThe version of Opera installed on the remote host is earlier than 10.62. Such versions insecurely look in their current working directory when resolving DLL dependencies, such as for 'dwmapi.dll'
If another application can be made to launch Opera in such a way that it searches for DLLs in the same location as a resource that is being loaded, it will allow remote code execution.
SolutionUpgrade to Opera 10.62 or later.