LaFlecha is reporting that due to a bug in Opera Browser, a malformed Torrent file (*.torrent) can cause it to consume 100% cpu resources thus making the system unusable. According to this report, this bug affects Opera for Windows running on Windows SP1 or SP2. A proof of concept code has also been published. It’s unclear if previous versions of Opera and Opera running on other platforms are affected as well. I am not sure about the severity of the exploit either. If it’s just a problem of high cpu usage, then its not a critical vulnerability. I checked with Secunia, but couldn’t find any mention of this vulnerability there. However, as a precautionary measure you can disable torrent integration in Opera. You can disable it by un-checking the box next to “Enable“.
If the report on LeFlacha is true then this would be the 4rth exploit to be discovered in Opera v9 in 2007 – compared to 3 in Mozilla Firefox v2 (of which 1 is unpatched), and 5 in Internet Explorer v7 (of which 3 are unpatched).
Update (22nd May) : This vulnerability has been fixed in Opera v9.21. Opera’s advisory related to this exploit is available here.
4 responses to “Opera Vulnerable to BitTorrent Exploit”
Hey, It’s currently in private beta and hence only limited but once they start scaling and giving out more invites, i will blog about it.
And by the way, I like your Meta (neo counter). Do you have the link for this?
Neocounter is available at Neoworx
Yeah installed it and took it off. 😉 Thanks
[…] v9.21 for desktop was released on 21st May. This release fixes a critical vulnerability present in Opera’s torrent […]