Critical Vulnerability Discovered in uTorrent

**anon** · 12.08.08, 20:22

A vulnerability described as ‘critical’ has been discovered in versions of uTorrent and the official BitTorrent client. The ‘buffer overflow’ vulnerability can be exploited to compromise a user’s computer for the execution of arbitrary code. It is suggested that users should immediately update to uTorrent version 1.8 RC7 or higher. There is currently no fix for the official client.

...

... “the vulnerability is caused due to a boundary error in the processing of .torrent files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .torrent file containing an overly long ‘created by’ field”.

Critical Vulnerability Discovered in uTorrent | TorrentFreak

**Aurion** · 13.08.08, 19:20

LOL u got to be kiddin me ?!! isnt uT a closed source client ?? how come out sources can access users hash info for example to compromise weak points off of the client

**anon** · 13.08.08, 19:40

This is not the first time a potential vulnerability is discovered in uT ^^
It doesn't matter if the product is open or closed source, hackers can still find things like this just like every software can be cracked

For example old versions of IE had this bug where loading an image with huge "width" and "height" values defined in the IMG tag of an HTML document would crash the browser...

**Logitech** · 14.08.08, 01:09

Logitech is searching Milw0rm.

.................

aaahhhh only for version 1.7.7:(

**anon** · 14.08.08, 15:39

Mmm... what did you want to do?

**Logitech** · 14.08.08, 16:09

By looking in the peerlist I see that much people still use uT 1.7.7:).

@anon: nothing

**anon** · 14.08.08, 19:46

It always takes a while for new versions to spread. But this time there's a good incentive to update...

Originally Posted by Logitech

@anon: nothing

Make sure that's how it stays

**Logitech** · 14.08.08, 23:33

Make sure that's how it stays

anon of what tracker where you member of?

**anon** · 14.08.08, 23:35

Many, but what does it have to do with this...?

**Logitech** · 14.08.08, 23:42

I was thinking about uploading some torrents with a shellcode in it

.

Edit: I edited my previous post maybe you understand why now.

**anon** · 14.08.08, 23:43

How would it be run?

**Logitech** · 14.08.08, 23:45

Originally Posted by anon

How would it be run?

My little secret

**anon** · 15.08.08, 00:01

*.torrent shell code execution exploit by Logitech is released*

**Aurion** · 16.08.08, 17:50

@anon: I believe that anything could be done with any piece of software as long as it has a source code sheet !! anyway,hope no body else messes with uT since its my fave one at all times,secure,resource saving & very fast reliable bittorrent client !!

@Logitech: lol maybe u need to share with us (joking if u dont want to for sure) that little secret Hunny !! maybe injecting a torrent file with a shellcode will make it more secure ?? dont know im just guessing