PT-2019-9668 · Opera · Opera

Published: 2019-03-21 · Updated: 2019-09-27 · CVE-2018-18913

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Opera versions prior to 57.0.3098.106

Description

The issue allows an attacker to perform a DLL Search Order hijacking attack by sending a ZIP archive containing an HTML page and a malicious DLL. This can enable the attacker to gain full control of the system from any location. The problem stems from how the program loads shcore.dll and dcomp.dll files, searching for them in the same system-wide directory where the HTML file is executed.

Recommendations

For Opera versions prior to 57.0.3098.106, update to version 57.0.3098.106 or later to resolve the issue. As a temporary workaround, consider restricting the execution of HTML files from untrusted sources to minimize the risk of exploitation.
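A triage check for the delivery pattern described above, added here as an example and not part of the original advisory: it inspects a ZIP archive before extraction and flags any folder where shcore.dll or dcomp.dll sits beside an HTML page. The function names and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile

WATCHED_DLLS = {"shcore.dll", "dcomp.dll"}  # DLL names taken from the advisory
HTML_EXTS = {".html", ".htm"}


def flag_archive(fileobj):
    """Return sorted (folder, dll_name) pairs where a watched DLL shares a
    folder with an HTML page inside the ZIP archive."""
    html_dirs, dll_hits = set(), []
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Some tools write backslash separators; normalise before splitting.
            name = info.filename.replace("\\", "/")
            folder, base = posixpath.split(name)
            folder = folder.lower()  # Windows paths are case-insensitive
            if posixpath.splitext(base)[1].lower() in HTML_EXTS:
                html_dirs.add(folder)
            elif base.lower() in WATCHED_DLLS:
                dll_hits.append((folder, base))
    # Only a DLL co-located with an HTML page matches the advisory's pattern.
    return sorted(hit for hit in dll_hits if hit[0] in html_dirs)


def build_sample():
    """Constructed sample archive: one suspicious folder, two benign ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/index.html", "<html></html>")
        zf.writestr("report/SHCORE.DLL", b"constructed placeholder, not a DLL")
        zf.writestr("lib/dcomp.dll", b"constructed placeholder, not a DLL")
        zf.writestr("docs/readme.htm", "<html></html>")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for folder, dll in flag_archive(build_sample()):
        print(f"suspicious: {dll} beside an HTML page in '{folder or '.'}'")
```

A hit only marks an archive for review; on a patched Opera (57.0.3098.106 or later) the co-located DLL is no longer loaded.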

Fix

Untrusted Search Path


Weakness Enumeration

Related Identifiers

CVE-2018-18913

Affected Products

Opera