A malicious torrent can cause Opera to execute arbitrary code – Opera Security Advisories

Summary

A malicious torrent file can cause Opera to execute arbitrary code.

Severity: High

Problem description

Removing a specially crafted torrent from the download managercan crash Opera. The crash is caused by an erroneous memoryaccess.

An attacker needs to entice the user to accept the maliciousBitTorrent download, and later remove it from Opera’s downloadmanager. To inject code, additional means will have to beemployed.

Users clicking a BitTorrent link and rejecting the downloadare not affected.

Opera’s response

Opera Software has released Opera 9.22 with a fix for thisvulnerability.

Credits

Thanks to iDefense Labs for reporting this issue to Opera Software.