14 DAY TRIAL // Opera has released the 10.62 version of its browser, which addresses a security issue known as remote binary planting or DLL hijacking.
"Opera uses dynamic link libraries (DLLs) of its own, and several provided by the host operating system or plug-ins.
"In some cases, Opera searches for these DLLs in the same location as a resource that is being loaded, and if a malicious DLL is located, it will load that as if it were a trusted DLL. The code in the DLL will then be executed," the browser developer explains.
This issue, which has been publicly disclosed last month, is not particular to Opera and affects hundreds of other applications.
It stems from the way Windows searches for resources when certain API functions are invoked and no absolute path is specified.
Lets say for example that a program wants to load a .DLL located in system32, but does not specify the exact location.
In this case Windows will systematically look for the file in predefined places, starting with the local directory of the application which asked for it.
"If another application can be made to launch Opera in such a way that it searches for DLLs in that location, it will allow remote code execution. "To place a malicious DLL in a location that Opera will search, additional techniques will have to be employed," is mentioned in the Opera advisory.
Microsoft has issued safe practice guidelines which help prevent this problem a long time ago, but it seems that many software developers never bothered following them.
The new versions of Firefox and Safari released yesterday also fixed remote binary planting flaws that stem from the same issue.
In addition to the security patch, Opera 10.62 contains numerous stability and UI enhancements and can be downloaded from here.