CVE-2018-18913
CVSS V2 Medium 6.9
CVSS V3 High 7.8
Description
Opera before 57.0.3098.106 is vulnerable to a DLL Search Order hijacking attack where an attacker can send a ZIP archive composed of an HTML page along with a malicious DLL to the target. Once the document is opened, it may allow the attacker to take full control of the system from any location within the system. The issue lies in the loading of the shcore.dll and dcomp.dll files: these files are being searched for by the program in the same system-wide directory where the HTML file is executed.
Overview
- CVE ID
- CVE-2018-18913
- Assigner
- cve@mitre.org
- Vulnerability Status
- Analyzed
- Published Version
- 2019-03-21T22:29:00
- Last Modified Date
- 2019-09-27T16:41:31
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:opera:opera_browser:*:*:*:*:*:*:*:* | 1 | OR | 57.0.3098.106 | |
| cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:* | 0 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:L/AC:M/Au:N/C:C/I:C/A:C
- Access Vector
- LOCAL
- Access Compatibility
- MEDIUM
- Authentication
- NONE
- Confidentiality Impact
- COMPLETE
- Integrity Impact
- COMPLETE
- Availability Impact
- COMPLETE
- Base Score
- 6.9
- Severity
- MEDIUM
- Exploitability Score
- 3.4
- Impact Score
- 10
CVSS Version 3
- Version
- 3.1
- Vector String
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Attack Vector
- LOCAL
- Attack Compatibility
- LOW
- Privileges Required
- NONE
- User Interaction
- REQUIRED
- Scope
- UNCHANGED
- Confidentiality Impact
- HIGH
- Availability Impact
- HIGH
- Base Score
- 7.8
- Base Severity
- HIGH
- Exploitability Score
- 1.8
- Impact Score
- 5.9
References
| Reference URL | Reference Tags |
|---|---|
| https://lucideustech.blogspot.com/2019/02/opera-search-order-hijacking-cve-2018-18913.html | Third Party Advisory |
| https://blogs.opera.com/desktop/changelog-for-57/ | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2018-18913 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18913 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 07:45:30 | Added to TrackCVE | |||
| 2022-12-03 18:31:38 | 2019-03-21T22:29Z | 2019-03-21T22:29:00 | CVE Published Date | updated |
| 2022-12-03 18:31:38 | 2019-09-27T16:41:31 | CVE Modified Date | updated | |
| 2022-12-03 18:31:38 | Analyzed | Vulnerability Status | updated |