F.E.A.R
Inactive User
- Joined
- Feb 12, 2006
- Messages
- 563
- Reaction score
- 10
hey guys a uTorrent vulnerability has been disclosed along with a proof of concept exploit,
this vulnerability affects uTorrent v1.6 running on XP SP1 & Win2K SP1-4 platforms
basically it will allow an attacker to create a malicious torrent file where the announce url is corrupted to crash uTorrent and will allow execution of shellcode.
although XP SP2 is not mentioned the exploit will still crash uTorrent on this platform so in my opinion its just a matter of time till someone figures out the correct offsets to succesfully exploit XP SP2 as well.
there has been a new uTorrent version 1.6.1.488 released to fix this flaw
Proof of Concept Exploit
http://defacedsecurity.com/defsec_utor1.6.c
uTorrent 1.6.1 Build 488
http://download.utorrent.com/1.6.1/utorrent.exe
be careful on public trackers
this vulnerability affects uTorrent v1.6 running on XP SP1 & Win2K SP1-4 platforms
basically it will allow an attacker to create a malicious torrent file where the announce url is corrupted to crash uTorrent and will allow execution of shellcode.
although XP SP2 is not mentioned the exploit will still crash uTorrent on this platform so in my opinion its just a matter of time till someone figures out the correct offsets to succesfully exploit XP SP2 as well.
there has been a new uTorrent version 1.6.1.488 released to fix this flaw
Proof of Concept Exploit
http://defacedsecurity.com/defsec_utor1.6.c
uTorrent 1.6.1 Build 488
http://download.utorrent.com/1.6.1/utorrent.exe
be careful on public trackers