blob: 4f3f842efba3cb7d2cb1cf42cefe9466e4b3bef8 (
plain)
1
2
3
4
5
6
7
8
9
10
|
<img border="0" alt="Opera2" title="Opera2" src="http://blog.wired.com/photos/uncategorized/opera2.jpg" style="margin: 0px 0px 5px 5px; float: right;" />Opera has dashed off a security fix for Windows users which plugs a critical hole in the browser that allowed attackers hijack Windows machines by feeding them a malicious torrent file.
According to a [security advisory][1] on the Opera site, "a specially crafted torrent file can cause a buffer overflow in Opera. This allows arbitrary code to be injected and executed."
The exploit was only possible if users right-clicked on a malicious torrent in the transfer manager. Clicking a torrent link itself would not tricker the flaw.
Opera patched the flaw in a [security update][2] (version 9.21), which is a recommended download for all Windows Opera users.
[1]: http://www.opera.com/support/search/view/860/ "Advisory: Malicious torrent files can execute arbitrary code in Opera"
[2]: http://www.opera.com/download/index.dml?opsys=Windows&lng=en&ver=9.21&platform=Windows&local=y "Download Opera 9.21"
|
