Opera Vulnerable to BitTorrent Exploit

Posted by Pallab on 5 May, 2007
4 Comments
This item was filled under [ Opera ]

Opera

LaFlecha is reporting that due to a bug in Opera Browser, a malformed Torrent file (*.torrent) can cause it to consume 100% cpu resources thus making the system unusable. According to this report, this bug affects Opera for Windows running on Windows SP1 or SP2. A proof of concept code has also been published. It’s unclear if previous versions of Opera and Opera running on other platforms are affected as well. I am not sure about the severity of the exploit either. If it’s just a problem of high cpu usage, then its not a critical vulnerability. I checked with Secunia, but couldn’t find any mention of this vulnerability there. However, as a precautionary measure you can disable torrent integration in Opera. You can disable it by un-checking the box next to “Enable“.

If the report on LeFlacha is true then this would be the 4rth exploit to be discovered in Opera v9 in 2007 - compared to 3 in Mozilla Firefox v2 (of which 1 is unpatched), and 5 in Internet Explorer v7 (of which 3 are unpatched).

(via TorrentFreak)

Update (22nd May) : This vulnerability has been fixed in Opera v9.21. Opera’s advisory related to this exploit is available here.

Popularity: 3 views

Enjoyed this article?
 
Subscribe to Full Feed RSS to get instant updates
You can also Subscribe to my E-mail newsletter and stay updated

Related Articles
Opera Bytes v4...
Opera hiding security vulnerabilities ?...
Clickjacking - Scary New Cross Brower Exploit...
Opera Bytes v2...
Opera Users Are Most Likely to be Running Old Versions...
Opera v9 : Excellent but not Perfect...
Extending Opera : The Ultimate Guide to Customizing Opera...
Firefox and Opera Downloaded more than 5 Million Times...
Opera Gets A Facelift...
Happy Birthday Opera...

Related posts brought to you by Yet Another Related Posts Plugin.

You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Comments

  • At 2007.05.06 10:21, sriram said:

    Hey, It’s currently in private beta and hence only limited but once they start scaling and giving out more invites, i will blog about it.

    And by the way, I like your Meta (neo counter). Do you have the link for this?

    Cheers
    Sriram

    [Reply]
    • At 2007.05.06 11:17, Pallab said:

      Neocounter is available at Neoworx

      [Reply]
      • At 2007.05.21 23:59, sriram said:

        Yeah installed it and took it off. ;) Thanks

        [Reply]
        • At 2007.06.02 13:13, Opera Bytes v4 » Not Just Another Blog said:

          [...] v9.21 for desktop was released on 21st May. This release fixes a critical vulnerability present in Opera’s torrent [...]

          [Reply]
          (Required)
          (Required, will not be published)
          « Google Testing New Layout for Search Results Page
          Microsoft to Buy Yahoo! »