The popular BitTorrent client uTorrent is reported to be vulnerable to remote exploits. Such exploits allow hackers to gain remote access to, and control over, your computer.
Two weeks ago, George Ou discovered that Vista’s Speech Recognition exposes the possibility of a remote exploit, but it seems that uTorrent is not perfect either.
uTorrent is vulnerable to remote exploits if the announce field of the .torrent file exceeds 4800 bytes. This causes a buffer overflow and allows hackers to run their exploits. Note that these announce fields are normally smaller, so you have to be tricked into downloading a malicious torrent first.
The exploit is found in uTorrent 1.6 (build 474), but might affect older versions as well. It is reported that the exploit works on Windows 2000, and both Windows XP Service Pack 1 and 2.
The good news is that these exploits are only triggered by .torrent files that are designed to exploit uTorrent. This means that people are relatively safe if they are careful about where they download their torrents from.
Update: This vulnerability has been fixed in the latest beta.