Andre Yoskowitz
13 Aug 2008 14:24
Secunia has issued two new ‘highly critical’ security alerts, one for uTorrent, version 1.7.7, build 8179 and the second for the official BitTorrent client, in version 6.xx.
“A vulnerability has been discovered in BitTorrent, which potentially can be exploited by malicious people to compromise a user’s system,” the alert says.
The vulnerability was originally discovered by Rhys Kidd and says it "is caused due to a boundary error in the processing of .torrent files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .torrent file containing an overly long ‘created by’ field”."
“Successful exploitation may allow execution of arbitrary code.”
The flaw is only confirmed in version 1.7.7 right now but may in fact affect earlier versions.
Secunia and uTorrent advise to upgrade to the latest beta, version 1.8.0 at least.
You can download 1.8 here at Afterdawn: uTorrent 1.8 latest beta