Advisory: A malicious torrent can cause Opera to execute arbitrary code
A malicious torrent file can cause Opera to execute arbitrary code.
Removing a specially crafted torrent from the download managercan crash Opera. The crash is caused by an erroneous memoryaccess.
An attacker needs to entice the user to accept the maliciousBitTorrent download, and later remove it from Opera's downloadmanager. To inject code, additional means will have to beemployed.
Users clicking a BitTorrent link and rejecting the downloadare not affected.
Opera Software has released Opera 9.22 with a fix for thisvulnerability.
Thanks to iDefense Labs for reporting this issue to Opera Software.