Summary
A malicious torrent file can cause Opera to execute arbitrary code.
Severity: Highly critical
Problem description
A specially crafted torrent file can cause a buffer overflow in Opera.This allows arbitrary code to be injected and executed.
The overflow happens when the user right-clicks on the torrent entryin the transfer manager. Simply clicking on the torrent link willnot trigger this flaw.
Affected versions
This vulnerability affects Opera for Microsoft Windows.
Opera’s response
Opera Software has released Opera 9.21 with a fix for thisvulnerability.
Reference
iDefense advisory: Opera Software Opera Web Browser Transfer Item Pop-up Menu Stack Overflow Vulnerability
Credits
Thanks to iDefense Labs for reporting this issue to Opera Software.