Info

Disclosure

Feb 12, 2007

Discovery

Unknown

Dates

Exploit

Feb 12, 2007

Solution

Unknown

Description

A remote overflow exists in uTorrent. The client fails to perform boundary checking on the torrent announce header resulting in a stack-based overflow. With a specially crafted torrent file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial

Solution

Upgrade to version uTorrent 1.6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

BitTorrent Inc.

uTorrent

1.6

References

Security Tracker: 1017648
CVE ID: 2007-0927 (see also: NVD)
Bugtraq ID: 22530
Secunia Advisory ID: 24130
ISS X-Force ID: 32455
Milw0rm: 3296
Exploit Database: 3296
VUPEN Advisory: ADV-2007-0571
Generic Exploit URL: http://immunitysec.com

Credit

defsec - defacedsecurityhotmail.com -

Direct URL: http://osvdb.org/33180