On mySimon: Lexmark X4850 Thermal Inkjet Printer
BNET Business Network:
BNET
TechRepublic
ZDNet

August 18th, 2008

uTorrent silently patches critical vulnerability

Posted by Ryan Naraine @ 4:23 pm

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Exploit code, Hackers, Kernel-level Exploits, Metasploit, Passwords, Patch Watch, Pen testing, Vulnerability research, Web Applications

Tags: Critical Vulnerability, Vulnerability, µTorrent, Rhys Kidd, Security, Ryan Naraine

Code execution hole in uTorrentIf uTorrent is the client you use to download files, now might be a good time to hit that “check for updates” button.

According to security alerts aggregator Secunia, there’s a “highly critical” uTorrent vulnerability that could allow remote code execution attacks with rigged .torrent files.

From the advisory:

  • The vulnerability is caused due to a boundary error in the processing of “.torrent” files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a “.torrent” file containing an overly long “created by” field.
  • Successful exploitation may allow execution of arbitrary code.
  • The vulnerability is confirmed in version 1.7.7 (build 8179). Prior versions may also be affected.

The issue was silently patched by the vendor in version 1.8 RC7.  Rhys Kidd says the flaw is at least two years old.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 3 Talkback(s)
1.8.1 is out
Btw, 1.8.1 is out:

--- 2008-08-18: Version 1.8.1 beta (build 11882)
- Feature: 2x faster hashing
- Feature: Open Containing Folder for Files tab
- Change: sort torrents without ETA aft... (Read the rest)
Posted by: Gradius2 Posted on: 08/19/08 You are currently: a Guest | | Terms of Use
Wow, 2 years old?  Alan Burns | 08/19/08
1.8 final is already out.  Gradius2 | 08/19/08
1.8.1 is out  Gradius2 | 08/19/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here