The vulnerability was found in uTorrent and can be maliciously exploited to compromise a user’s computer, however, it also affects the mainline BitTorrent client, since it’s based on the uTorrent code.

According to Secunia, “the vulnerability is caused due to a boundary error in the processing of .torrent files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .torrent file containing an overly long ‘created by’ field”.

A successful execution of the exploit would allow the attacker to run arbitrary code on the victim’s machine.

The vulnerability exists in uTorrent version 1.7.7 (Build 8179) and may well affect earlier versions too, although this isn’t yet confirmed. The flaw is also present in the official BitTorrent client, versions 6.xx.

The solution for uTorrent users is to immediately upgrade to version 1.8. Currently there is no solution for those using the mainline client. However, an update will be available soon, TorrentFreak was told. For now, caution is advised when using unverified torrents.

Article from: TorrentFreak, check out our new blog at FreakBits.