DOS Vulnerability in uTorrent and Bittorrent
A vulnerability in uTorrent and Bittorrent, which uses uTorrent's core, was discovered today. It affects the BitTorrent 6.0 client, uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834. The Denial of Service vulnerability is made possible by the way the clients handle user data.
Put simply, uTorrent crashes if a user connects to it and sends a software version that is too long to be handled. The attacker does not need to use Bittorrent at all to do that: a connection to the port that Bittorrent is using, sending the too-long software version and a valid torrent hash, is enough.
Code execution, on the other hand, is not possible. The uTorrent team reacted in less than one day and published a new version of their software, 1.7.6, that handles the DOS vulnerability and three minor issues as well.
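The class of fix for a bug like this is to bound the peer-supplied version string before copying it. The sketch below is an added example, not uTorrent's code or its actual patch; the wire layout (2-byte length prefix), the 64-byte cap and all names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PEER_VERSION_MAX 64   /* assumed cap for this example */

enum peer_ver_status { PEER_VER_OK, PEER_VER_TRUNCATED, PEER_VER_TOO_LONG, PEER_VER_BAD_CHAR };

struct peer_info { char version[PEER_VERSION_MAX + 1]; };

/* Assumed wire layout: 2-byte big-endian length, then the version text. */
enum peer_ver_status parse_peer_version(const uint8_t *buf, size_t len, struct peer_info *out)
{
    if (len < 2) return PEER_VER_TRUNCATED;
    size_t claimed = ((size_t)buf[0] << 8) | buf[1];
    /* Check against the destination size before touching the payload. */
    if (claimed > PEER_VERSION_MAX) return PEER_VER_TOO_LONG;
    /* The peer may claim more bytes than it actually sent. */
    if (claimed > len - 2) return PEER_VER_TRUNCATED;
    for (size_t i = 0; i < claimed; i++)
        if (buf[2 + i] < 0x20 || buf[2 + i] > 0x7e) return PEER_VER_BAD_CHAR;
    memcpy(out->version, buf + 2, claimed);
    out->version[claimed] = '\0';
    return PEER_VER_OK;
}

/* Constructed sample: a message claiming `claimed` bytes but carrying `actual` bytes of 'A'. */
enum peer_ver_status check_sample(size_t claimed, size_t actual)
{
    uint8_t msg[2 + 512];
    struct peer_info peer;
    if (actual > 512) actual = 512;
    msg[0] = (uint8_t)((claimed >> 8) & 0xff);
    msg[1] = (uint8_t)(claimed & 0xff);
    memset(msg + 2, 'A', actual);
    return parse_peer_version(msg, 2 + actual, &peer);
}

int main(void)
{
    printf("normal    (10/10):   %d\n", check_sample(10, 10));
    printf("too long  (400/400): %d\n", check_sample(400, 400));
    printf("truncated (10/4):    %d\n", check_sample(10, 4));
    return 0;
}
```

A peer that gets anything other than `PEER_VER_OK` should simply be disconnected, so a malformed version field costs the client one dropped connection instead of a crash.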