uTorrent Vulnerable to Remote Exploits

Written by Ernesto on February 13, 2007 

The popular BitTorrent client uTorrent is reported to be vulnerable to remote exploits. Such exploits allow hackers to gain remote access to, and control over your computer.

utorrent exploitTwo weeks ago, George Ou discovered that Vista’s Speech Recognition exposes the possibility of a remote exploit, but it seems that uTorrent is not perfect either.

uTorrent is vulnerable to remote exploits (example) if the announce field of the .torrent file exceeds 4800 Bytes. This causes a buffer-overflow, and allow hackers to run their exploits. Note that these announce fields are normally smaller, so you have to be tricked into downloading a malicious torrent first.

The exploit is found in uTorrent 1.6 (build 474), but might affect older versions as well. It is reported that the exploit works on Windows 2000, and both Windows XP Service Pack 1 and 2.

The good news is that these exploits are only triggered by .torrent files that are designed to exploit uTorrent. This means that people are relatively safe if they watch out where they download their torrents from.

Update: This vulnerability has been fixed in the latest beta.

Previously: The Pirate Bay, Featured in Vanity Fair

Next: uTorrent 1.6.1 Released

13 Responses

1 Feb 13, 2007 at 14:43 by Ludvig Strigeus

This has been fixed back in July. Please use the latest utorrent beta, available at:
http://download.utorrent.com/beta/utorrent-1.6.1-beta-build-483.exe

2 Feb 13, 2007 at 16:27 by Ernesto

That’s good to hear.

474 is still on the download page though, perhaps a good idea to put a link to the latest beta on there as well?

3 Feb 13, 2007 at 16:58 by jacotyco

some private trackers ban the new beta. they’re not sure it’s safe.

4 Feb 13, 2007 at 17:07 by Niek

At Mininova we blocked torrent uploads with a ridiculous large announce size. Hope that helps to prevent spreading malicious torrents which exploit such heap overflows.

5 Feb 14, 2007 at 00:18 by bltz

It’s really sad that uTorrent is not being actively developed anymore.

It’s the best client I have ever used, and I tried many over time.

6 Feb 14, 2007 at 05:02 by Yatti

I agree, beta should of been posted. I had to download it..

7 Feb 14, 2007 at 11:43 by kdsde

@#3 that beta is several month old!
IIRC it was available long before the BitTorrent Inc. deal. So if it is really banned then those tracker admins might not be the smartest.

8 Feb 14, 2007 at 18:55 by jacotyco

@kdsde
the beta was available long before the Bittorrent Inc. deal was announced. :p

9 Feb 14, 2007 at 18:59 by gabriel

uTorrent beta is blocked in many private sites. :(

10 Feb 14, 2007 at 20:15 by Iain Cheyne

If you are on XP SP2 or Vista and activate Data Execution Prevention (DEP), you can avoid buffer overflow exploits. Use Securable (http://www.grc.com/securable.htm) to see if you can activate DEP.

11 Mar 03, 2007 at 18:46 by Butch

Downloaded and installed newest version on WIN XP and was exploited by a virus. AVAST found it and it totally froze my computer.I was finally able to delete it and unintall and delete the virus and program. Everything was fine so I tried it again. Went back to site and downloaded it again and got the same results.

12 Sep 30, 2007 at 19:42 by ma942zda

c307t

13 Feb 10, 2008 at 22:33 by Jamaz

I was hacked while running utorrent 1.6 last week.

From my logfiles I could read his ip (dail-up) and computer name: MORTIMATI. I found his emailadress on http://www.wieowie.nl and found his emailadres mortimati@gmail.ro.

Please beware of his attacks.

Jamaz

Responses are closed

All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.