LaFlecha is reporting that due to a bug in Opera Browser, a malformed Torrent file (*.torrent) can cause it to consume 100% cpu resources thus making the system unusable. According to this report, this bug affects Opera for Windows running on Windows SP1 or SP2. A proof of concept code has also been published. It’s unclear if previous versions of Opera and Opera running on other platforms are affected as well. I am not sure about the severity of the exploit either. If it’s just a problem of high cpu usage, then its not a critical vulnerability. I checked with Secunia, but couldn’t find any mention of this vulnerability there. However, as a precautionary measure you can disable torrent integration in Opera. You can disable it by un-checking the box next to “Enable“.
If the report on LeFlacha is true then this would be the 4rth exploit to be discovered in Opera v9 in 2007 – compared to 3 in Mozilla Firefox v2 (of which 1 is unpatched), and 5 in Internet Explorer v7 (of which 3 are unpatched).
Update (22nd May) : This vulnerability has been fixed in Opera v9.21. Opera’s advisory related to this exploit is available here.