Summary
A malicious torrent file can cause Opera to execute arbitrary code.
Severity: High
Problem description
Removing a specially crafted torrent from the download manager can crash Opera. The crash is caused by an erroneous memory access.
An attacker needs to entice the user to accept the malicious BitTorrent download, and later remove it from Opera’s download manager. To inject code, additional means will have to be employed.
Users clicking a BitTorrent link and rejecting the download are not affected.
Opera’s response
Opera Software has released Opera 9.22 with a fix for this vulnerability.
Credits
Thanks to iDefense Labs for reporting this issue to Opera Software.