BID:22530

uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability

Info

uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability

Bugtraq ID:	22530
Class:	Boundary Condition Error
CVE:	CVE-2007-0927
Remote:	Yes
Local:	No
Published:	Feb 12 2007 12:00AM
Updated:	Nov 15 2007 12:39AM
Credit:	defsec is credited with the discovery of this vulnerability.
Vulnerable:	uTorrent uTorrent 1.6

Not Vulnerable:	uTorrent uTorrent 1.6.1

Discussion

Exploit / POC

uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

The following exploit is available to members of the Immunity Partner's Program:

https://www.immunityinc.com/downloads/immpartners/utorrent.tar

The following exploit code is available:

/data/vulnerabilities/exploits/22533.c

Solution / Fix

uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability

Solution:
The vendor has released uTorrent 1.6.1 to address this issue. Please see the references for more information.

uTorrent uTorrent 1.6

uTorrent 1.6.1/utorrent.exe - standalone
http://download.utorrent.com/1.6.1/utorrent.exe

uTorrent uTorrent-1.6.1-install.exe
http://download.utorrent.com/1.6.1/uTorrent-1.6.1-install.exe

References

uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability

References:

1.6.1 Change Log (uTorrent)
uTorrent Homepage (uTorrent )