uTorrent Stack Overflow in Processing '.torrent' File 'created by' String Lets Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (File Transfer/Sharing) > uTorrent

Vendors: utorrent.com

uTorrent Stack Overflow in Processing '.torrent' File 'created by' String Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1020664

SecurityTracker URL: http://securitytracker.com/id/1020664

CVE Reference: CVE-2008-4434 (Links to External Site)

Updated: Mar 19 2009

Original Entry Date: Aug 12 2008

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Version(s): prior to 1.8

Description: A vulnerability was reported in uTorrent. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a '.torrent' file with a specially crafted 'created by' string that, when loaded by the target user, will trigger a stack overflow and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Rhys Kidd reported this vulnerability.

Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued a fixed version (1.8).

The vendor's advisory is available at:

http://forum.utorrent.com/viewtopic.php?id=44003

Vendor URL: utorrent.com/ (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Any)

Message History: None.

Source Message Contents

Date: Mon, 11 Aug 2008 10:50:55 +0800
Subject: A new datapoint for 0day lifetime

Justine Aitel made the following statements during a July 2007 presentation:

*"Real-world 0day Statistics*
*Average 0day lifetime: 348 days
Shortest life: 99 days
Longest life: 1080 (3 years)"

*- http://immunityinc.com/downloads/0day_IPO.pdf*

*I'd like to include a new datapoint for those averages.
uTorrent and Bittorrent Mainline have included an unpatched Unicode stack
overflow in its code-base for at least 2 years. It was finally patched on
the 5th August 2008 with 1.8 Release Candidate 7.

Full details and discussion in the attached paper.

Rhys

_______________________________________________
Dailydave mailing list
Dailydave_at_lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave

[application/pdf attachment: Stack_Overflow_in_uTorrent_-_Kidd_pdf]

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC