Opera has fixed a flawed involving how its browser handles Torrent files that allowed hackers to attack vulnerable systems.

A boundary error in handling certain types of Torrent files exposed version 9.x of the browser to a stack-based buffer overflow, providing a user right-clicks a malicious Torrent entry in the transfer manager. Simply clicking on the Torrent link will not trigger the flaw, which Opera nonetheless describes as "highly critical".

Successful exploitation creates a means for hackers to inject hostile code.

The flaw, discovered by security researchers at iDefense, has been confirmed in Opera version 9.20 for Windows. Other versions may also be affected. Users are advised to upgrade to Opera version 9.21 to guard against attack.

Opera has included a built-in BitTorrent client in its browser software since the release of version 9.0, last June. ®

Related stories

• Opera update fixes stability bugs (4 July 2008)
• Bad hair day for alternative browser users (19 October 2007)
• BitTorrent-busters busted by BitTorrent (18 September 2007)
• Comcast throttles BitTorrent users (22 August 2007)
• Mozilla confirms own URL handling bug (25 July 2007)
• Opera tries to out-do the iPhone (19 June 2007)
• Opera adds tech to foil phishers (19 December 2006)
• Opera hit by buffer overflow glitch (19 October 2006)
• Just how buggy is Firefox? (8 September 2006)
• Opera 10 roadmap charts cross-platform support (31 July 2006)
• Opera 9 is go (21 June 2006)
• Opera bakes in BitTorrent (7 July 2005)