As an example, consider an Explorer's vulnerability like this. Would Opus be affected by it too?
Opus should not be vulnerable to that problem, unless you change a setting to turn off a security feature, as we block loading DLLs from the current directory by default.
Microsoft should block it as well, not just in Explorer but in all of Windows, but it would break a couple of their own apps, and some others, and they don't want to deal with that, it seems. (If they just did it 10 years ago when the problem came to light, it'd be resolved by now. They only did it for network drives, which was a stupid choice, given you can unzip an archive from the web and have a local DLL planting issue without realising.)
Given the potential severity of the problems DLL planting can cause, we chose security over compatibility here, with the option of being less secure (i.e. like Explorer) if you need it; but you have to opt in to being less secure.
As for the general question, it will depend on the vulnerability.
2 Likes