A vulnerability described as ‘critical’ has been discovered in versions of uTorrent and the official BitTorrent client. The ‘buffer overflow’ vulnerability can be exploited to compromise a user’s computer for the execution of arbitrary code. It is suggested that users should immediately update to uTorrent version 1.8 RC7 or higher. There is currently no fix for the official client.
VLC Player, one of the best and most widely used media players has found to be vulnerable to a remote hijack. The reported vulnerability makes it possible for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client,
uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.
The cross platform browser Opera has been discovered to contain another critical vulnerability affecting its BitTorrent engine, one which leaves it wide open for a malicious user to run arbitrary code, potentially taking remote control of the host machine.
