Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 21/03/2019 Updated: 27/09/2019

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Opera prior to 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the malicious user to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.

Vulnerable Product	Search on Vulmon	Subscribe to Product
opera opera_browser

CWE-426 https://lucideustech.blogspot.com/2019/02/opera-search-order-hijacking-cve-2018-18913.html https://blogs.opera.com/desktop/changelog-for-57/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-18913

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect