The vulnerability was found in uTorrent and can be maliciously exploited to compromise a user’s computer, however, it also affects the mainline BitTorrent client, since it’s based on the uTorrent code.

According to Secunia, “the vulnerability is caused due to a boundary error in the processing of .torrent files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .torrent file containing an overly long ‘created by’ field”.

A successful execution of the exploit would allow the attacker to run arbitrary code on the victim’s machine.

The vulnerability exists in uTorrent version 1.7.7 (Build 8179) and may well affect earlier versions too, although this isn’t yet confirmed. The flaw is also present in the official BitTorrent client, versions 6.xx.

The solution for uTorrent users is to immediately upgrade to version 1.8. Currently there is no solution for those using the mainline client. However, an update will be available soon, TorrentFreak was told. For now, caution is advised when using unverified torrents.

Source: Critical Vulnerability Discovered in uTorrent

Unfortunately, the latest versions of VLC have a security flaw according to a report from Luigi Auriemma. The vulnerability can be exploited to compromise a user’s system, as it leaves it wide open for a malicious user to run arbitrary code.

The problem occurs when a someone loads a subtitle file, which causes a buffer overflow that can be exploited. The security flaw is platform independent, which means it affects Windows, Mac and Linux users.

Initially it was reported that the flaws in version 0.8.6d were fixed in the latest release, but this turns out not to be the case. Auriemma writes: “The old buffer-overflow in the subtitles handled by VLC has not been fully patched in version 0.8.6e.”

“The funny thing is that my old proof-of-concept was built just to test this specific buffer-overflow and in fact it works on the new VLC version too without modifications,” he adds.

For now, the only solutions are not to run any subtitle files, or to grab one of the nightly builds. The downside is, however, that these might not be as stable as the regular releases.

Source: VLC Player Vulnerable to Remote Hijack

So far, the problem appears to affect these clients:

– BitTorrent 6.0 (build 5535)
– uTorrent 1.7.5 (build 4602)
– uTorrent 1.8 (alpha 7834)

Luigi is reporting that earlier versions of these clients may also be vulnerable and this appears to have been confirmed by the uTorrent team. The problems are confirmed to exist on Windows versions of the software. As yet, Mac and Linux versions of the official BitTorrent client have not been tested.

The bug in detail (from Luigi’s site):

By default both the clients have the “Detailed Info” window active with the “General” section visible in it where are reported various informations about the status of the torrent and the trackers in use.

In this same window near “General” there is also the “Peers” section which is very useful since it showes many informations about the other connected clients like the percentage of availability of the shared torrent, their IP address, country, speed and amount of downloaded and uploaded data and moreover the version of their client (like “BitTorrent 6.0″, “Azureus 3.0.3.4″, “uTorrent 1.7.5″, “KTorrent 2.2.4″ and so on).

When this window is visualized by the user the unicode strings with the software versions of the connected clients are copied in the relative static buffers used for the visualization in the GUI through the wcscpy function.

If this string is too long a crash will occur immediately or in some cases (like on BitTorrent) could happen later or when the user watches the status of another torrent or leaves the “Peers” window. Code execution is not possible.

For exploiting the problem is enough that an external attacker connects to the random port opened on the client and sends the long client version and the SHA1 hash of the torrent currently in use and watched
on the target. Note that all these parameters (client IP, port and torrent’s hash) are
publicly available on the tracker.

The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build – uTorrent 1.7.6 (build 7859) which has fixed the issue.

It can be downloaded here.

Source: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack

According to Danish computer security outfit Secunia, a vulnerability has been discovered in Opera v9.21 on the Windows platform, which can be exploited to compromise a user’s system, potentially taking remote control of the machine.

The advisory states that the vulnerability is created by Opera’s utilization of already freed memory when parsing BitTorrent headers. This flaw can then be exploited to run code on the host machine when a user is tricked into clicking a specially created .torrent file. When the file does not transfer, the user naturally deletes the .torrent file with a right click, an action which triggers the exploit.

At the moment, Windows version 9.21 is reported as being vulnerable although previous versions may also be affected.

Secunia offers a software tool which which enables users to see if they are affected by the vulnerability.

Any affected users can overcome the problems by upgrading to version 9.22. Opera is no stranger to vulnerabilities in its BitTorrent engine, as reported by us back in May.

Source: Critical BitTorrent Vulnerability Found in Opera Browser