uTorrent Vulnerable to Remote Exploits

Written by Ernesto on February 13, 2007

The popular BitTorrent client uTorrent is reported to be vulnerable to remote exploits. Such exploits allow hackers to gain remote access to, and control over your computer.

utorrent exploit Two weeks ago, George Ou discovered that Vista’s Speech Recognition exposes the possibility of a remote exploit, but it seems that uTorrent is not perfect either.

uTorrent is vulnerable to remote exploits (example) if the announce field of the .torrent file exceeds 4800 Bytes. This causes a buffer-overflow, and allow hackers to run their exploits. Note that these announce fields are normally smaller, so you have to be tricked into downloading a malicious torrent first.

The exploit is found in uTorrent 1.6 (build 474), but might affect older versions as well. It is reported that the exploit works on Windows 2000, and both Windows XP Service Pack 1 and 2.

The good news is that these exploits are only triggered by .torrent files that are designed to exploit uTorrent. This means that people are relatively safe if they watch out where they download their torrents from.

Update: This vulnerability has been fixed in the latest beta.

If you don't like torrents try MP3 Fiesta. They hold nearly 67,000 albums from nearly 17,000 artists. Prices are around the $0.10 mark for single tracks with full albums coming in at roughly $1.00. Tracks are available from 192kbps and they take major credit cards and PayPal

Saved in: All, Bittorrent Clients, DRM and Other Evil, Hot Off The Press
Tags: bittorrent, exploit, utorrent

Previously: The Pirate Bay, Featured in Vanity Fair

Next: uTorrent 1.6.1 Released

Related Entries

17 Responses (Add yours or TrackBack)

1 Feb 13, 2007 at 14:43 by Ludvig Strigeus

This has been fixed back in July. Please use the latest utorrent beta, available at:
http://download.utorrent.com/beta/utorrent-1.6.1-beta-build-483.exe

2 Feb 13, 2007 at 16:27 by Ernesto

That’s good to hear.

474 is still on the download page though, perhaps a good idea to put a link to the latest beta on there as well?

3 Feb 13, 2007 at 16:58 by jacotyco

some private trackers ban the new beta. they’re not sure it’s safe.

4 Feb 13, 2007 at 17:07 by Niek

At Mininova we blocked torrent uploads with a ridiculous large announce size. Hope that helps to prevent spreading malicious torrents which exploit such heap overflows.

5 Feb 14, 2007 at 00:18 by bltz

It’s really sad that uTorrent is not being actively developed anymore.

It’s the best client I have ever used, and I tried many over time.

6 Feb 14, 2007 at 05:02 by Yatti

I agree, beta should of been posted. I had to download it..

7 Feb 14, 2007 at 11:43 by kdsde

@#3 that beta is several month old!
IIRC it was available long before the BitTorrent Inc. deal. So if it is really banned then those tracker admins might not be the smartest.

8 Feb 14, 2007 at 18:55 by jacotyco

@kdsde
the beta was available long before the Bittorrent Inc. deal was announced. :p

9 Feb 14, 2007 at 18:59 by gabriel

uTorrent beta is blocked in many private sites. :(

10 Feb 14, 2007 at 20:15 by Iain Cheyne

If you are on XP SP2 or Vista and activate Data Execution Prevention (DEP), you can avoid buffer overflow exploits. Use Securable (http://www.grc.com/securable.htm) to see if you can activate DEP.

11 Mar 03, 2007 at 18:46 by Butch

Downloaded and installed newest version on WIN XP and was exploited by a virus. AVAST found it and it totally froze my computer.I was finally able to delete it and unintall and delete the virus and program. Everything was fine so I tried it again. Went back to site and downloaded it again and got the same results.

12 Sep 30, 2007 at 19:42 by ma942zda

c307t

13 Feb 10, 2008 at 22:33 by Jamaz

I was hacked while running utorrent 1.6 last week.

From my logfiles I could read his ip (dail-up) and computer name: MORTIMATI. I found his emailadress on http://www.wieowie.nl and found his emailadres mortimati@gmail.ro.

Please beware of his attacks.

Jamaz

TorrentFreak