Torrent overflows Opera
Print storyBrowser maker lances file download bug
Posted in Anti-Virus, 23rd May 2007 10:49 GMT
Free whitepaper – Securing your online data transfer with SSL
Opera has fixed a flawed involving how its browser handles Torrent files that allowed hackers to attack vulnerable systems.
A boundary error in handling certain types of Torrent files exposed version 9.x of the browser to a stack-based buffer overflow, providing a user right-clicks a malicious Torrent entry in the transfer manager. Simply clicking on the Torrent link will not trigger the flaw, which Opera nonetheless describes as "highly critical".
Successful exploitation creates a means for hackers to inject hostile code.
The flaw, discovered by security researchers at iDefense, has been confirmed in Opera version 9.20 for Windows. Other versions may also be affected. Users are advised to upgrade to Opera version 9.21 to guard against attack.
Opera has included a built-in BitTorrent client in its browser software since the release of version 9.0, last June. ®
Free whitepaper – Certify your software integrity with Thawte code signing certificates
The business case for application security
Reducing messaging and web security costs with managed services
Avoiding 7 common mistakes of IT security compliance
Server-gated cryptography
Airport insecurity: the case of lost laptops
Feds: Hospital hacker's 'massive' DDoS averted
Buggy 'smart meters' open door to power-grid botnet
Microsoft knew of nasty IE bug a year before attacks
BlockMaster SafeStick hardware-encrypted USB drive