=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN349
_____________________________________________________________________

DATE                      : 10/09/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows running Opera versions prior to 10.62.

======================================================================
http://www.opera.com/support/kb/view/970/
______________________________________________________________________

Advisory: Malicious DLL files can be unintentionally loaded and allowed
to run arbitrary code


Severity

High


Description

Opera uses dynamic link libraries (DLLs) of its own, and several provided
by the host operating system or by plug-ins. In some cases, Opera searches
for these DLLs in the same location as a resource that is being loaded,
and if a malicious DLL is present at that location, Opera loads it as if
it were a trusted DLL. The code in the DLL is then executed.

If another application can be made to launch Opera in such a way that it
searches for DLLs in that location, this allows remote code execution.
Placing a malicious DLL in a location that Opera will search requires
additional techniques.


Affected versions

This issue affects Opera for Microsoft Windows.


Opera's response

Opera Software has released Opera 10.62, where this issue has been fixed.
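The following check is an added example and is not part of the CERT-Renater note or of Opera's advisory. It inventories installed Opera builds through the standard Windows Uninstall registry keys and flags any version below the fixed release 10.62; it also reports the CWDIllegalInDllSearch setting from Microsoft KB2264107, the OS-level control for this class of DLL loading, which the note above does not mention.

```powershell
# Added example: inventory Opera installs and compare against the fixed version
# named in the advisory (10.62). Registry paths are the standard Uninstall keys.
$FixedVersion = [version]'10.62'

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-OperaInstall {
    foreach ($root in $UninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName -like 'Opera*' -and $p.DisplayVersion) {
                [pscustomobject]@{
                    Name    = $p.DisplayName
                    Version = $p.DisplayVersion
                    Path    = $p.InstallLocation
                }
            }
        }
    }
}

function Test-OperaVulnerable([string]$installed) {
    try { $v = [version]$installed } catch { return $true }  # unparseable: treat as at risk
    return $v -lt $FixedVersion
}

foreach ($o in Get-OperaInstall) {
    $state = if (Test-OperaVulnerable $o.Version) { 'VULNERABLE (update to 10.62 or later)' } else { 'fixed' }
    '{0} {1} at {2}: {3}' -f $o.Name, $o.Version, $o.Path, $state
}

# Platform-level mitigation for this DLL search-path class (Microsoft KB2264107):
# CWDIllegalInDllSearch restricts loading DLLs from the current working directory.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$cwd = (Get-ItemProperty $key -ErrorAction SilentlyContinue).CWDIllegalInDllSearch
if ($null -eq $cwd) { 'CWDIllegalInDllSearch not set: current directory is still searched for DLLs' }
else { 'CWDIllegalInDllSearch = 0x{0:X}' -f $cwd }
```

Run from an elevated PowerShell session on the Windows host being assessed; a version string that does not parse as a plain "major.minor" value is reported as vulnerable so it gets a manual look.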

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================

