Also affects the official BitTorrent client server.Rhys Kidd of Insecure.org's "Dailydave" is reporting the recent discovery of "vulnerable uTorrent code" that affects both uTorrent as well as the official BitTorrent client server. "A vulnerability has been discovered in BitTorrent, which potentially can be exploited by malicious people to compromise a user's system," reads a security warning. The exploit is confirmed in uTorrent version 1.7.7 (build 8179), but is solved by simply updating to version 1.8 stable, which was just released. It's also confirmed in the official BitTorrent version 6.0.3 (build 8642), but the only solution far is to refrain from opening untrusted ".torrent" files. "The vulnerability is caused due to a boundary error in the processing of '.torrent' files," continues the security warning. "This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a ".torrent" file containing an overly long 'created by' field." Successful exploitation of the vulnerability may allow malicious users to inject arbitrary code. |
 
|
members that voted for this story
|
