Opera Software has updated its Opera browser to fix a critical flaw that allowed attackers to hijack Windows PCs by feeding them a malicious torrent file.
"A specially crafted torrent file can cause a buffer overflow in Opera," said Opera in a security advisory yesterday. "This allows arbitrary code to be injected and executed."
An exploit can be triggered if a user right-clicks on a specially crafted torrent file entry in the browser's built-in download manager.
Opera is the only major browser with integrated support for torrent files, the popular peer-to-peer filesharing/file-transfer format.
Danish vulnerability tracker Secunia rated the threat as 'highly critical', its second-highest ranking. Opera credited VeriSign iDefense Labs with reporting the bug.
Windows users should download Opera 9.21 immediately, the Norwegian company recommended.
Opera, one of the first browsers to popularise multiple windows, and then tabs, accounts for less than one percent of the global browser market. Internet Explorer, Firefox and Safari all have much larger shares.