The cross platform browser Opera has been discovered to contain another critical vulnerability affecting its BitTorrent engine, one which leaves it wide open for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
According to Danish computer security outfit Secunia, a vulnerability has been discovered in Opera v9.21 on the Windows platform, which can be exploited to compromise a user’s system, potentially taking remote control of the machine.
The advisory states that the vulnerability is created by Opera’s utilization of already freed memory when parsing BitTorrent headers. This flaw can then be exploited to run code on the host machine when a user is tricked into clicking a specially created .torrent file. When the file does not transfer, the user naturally deletes the .torrent file with a right click, an action which triggers the exploit.
At the moment, Windows version 9.21 is reported as being vulnerable although previous versions may also be affected.
Secunia offers a software tool which which enables users to see if they are affected by the vulnerability.
Any affected users can overcome the problems by upgrading to version 9.22. Opera is no stranger to vulnerabilities in its BitTorrent engine, as reported by us back in May.