TorrentFreak

The place where breaking news, BitTorrent and copyright collide

uTorrent Vulnerable to Remote Exploits

The popular BitTorrent client uTorrent is reported to be vulnerable to remote exploits. Such exploits allow hackers to gain remote access to, and control over, your computer.

Two weeks ago, George Ou discovered that Vista’s Speech Recognition exposes the possibility of a remote exploit, but it seems that uTorrent is not perfect either.

uTorrent is vulnerable to remote exploits (example) if the announce field of the .torrent file exceeds 4800 bytes. This causes a buffer overflow and allows hackers to run their exploits. Note that these announce fields are normally smaller, so you have to be tricked into downloading a malicious torrent first.

The exploit is found in uTorrent 1.6 (build 474), but might affect older versions as well. It is reported that the exploit works on Windows 2000, and both Windows XP Service Pack 1 and 2.

The good news is that these exploits are only triggered by .torrent files that are designed to exploit uTorrent. This means that people are relatively safe if they watch out where they download their torrents from.

Update: This vulnerability has been fixed in the latest beta.

  • Ludvig Strigeus

    This has been fixed back in July. Please use the latest utorrent beta, available at:
    http://download.utorrent.com/beta/utorrent-1.6.1-beta-build-483.exe

  • Ernesto

    That’s good to hear.

    474 is still on the download page though, perhaps a good idea to put a link to the latest beta on there as well?

  • jacotyco

    Some private trackers ban the new beta. They’re not sure it’s safe.

  • Niek

    At Mininova we blocked torrent uploads with a ridiculously large announce size. Hope that helps to prevent spreading malicious torrents which exploit such heap overflows.

  • bltz

    It’s really sad that uTorrent is not being actively developed anymore.

    It’s the best client I have ever used, and I tried many over time.

  • Yatti

    I agree, beta should have been posted. I had to download it..

  • kdsde

    @#3 that beta is several months old!
    IIRC it was available long before the BitTorrent Inc. deal. So if it is really banned then those tracker admins might not be the smartest.

  • Pingback: BitLair.org :: µTorrent 1.6.1 Final :: February :: 2007

  • jacotyco

    @kdsde
    the beta was available long before the Bittorrent Inc. deal was announced. :p

  • gabriel

    uTorrent beta is blocked in many private sites. :(

  • Pingback: uTorrent 1.6.1 Released | TorrentFreak

  • Iain Cheyne

    If you are on XP SP2 or Vista and activate Data Execution Prevention (DEP), you can avoid buffer overflow exploits. Use Securable (http://www.grc.com/securable.htm) to see if you can activate DEP.

  • Pingback: uTorrent 1.6.1 released | Cormac Moylan

  • Butch

    Downloaded and installed newest version on WIN XP and was exploited by a virus. AVAST found it and it totally froze my computer. I was finally able to delete it and uninstall and delete the virus and program. Everything was fine so I tried it again. Went back to site and downloaded it again and got the same results.

  • Pingback: Does port forwarding create security risk? « The Official MartinZ Blog

  • Jamaz

    I was hacked while running utorrent 1.6 last week.

    From my logfiles I could read his ip (dial-up) and computer name: MORTIMATI. I found his email address on http://www.wieowie.nl and found his email address mortimati@gmail.ro.

    Please beware of his attacks.

    Jamaz
