ghacks Technology News

DOS Vulnerability in uTorrent and Bittorrent


A vulnerability in uTorrent and BitTorrent, which uses uTorrent's core, was discovered today. It affects the BitTorrent 6.0 client, uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834. The Denial of Service vulnerability is made possible by the way the clients handle user data.

Put simply, uTorrent will crash if a user connects to it and sends a software version that is too long to be handled. The attacker does not need to use BitTorrent at all to do that: a connection to the port used by BitTorrent that sends the overlong software version and a valid torrent hash is enough.

Code execution, on the other hand, is not possible. The uTorrent team reacted in less than one day and published a new version of their software, 1.7.6, that fixes the DoS vulnerability and three minor issues as well.

While it is not very likely that someone will actually exploit the vulnerability, it is still advised to update immediately.
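The kind of length check that prevents this class of crash, as an added example that is not uTorrent's code: the article does not say which protocol field carries the software version, so this assumes a bencoded byte string, the encoding used for the `v` (client name and version) key of the BitTorrent extension handshake in BEP 10. `parse_client_version` and `MAX_VERSION_LEN` are hypothetical names.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_VERSION_LEN 64   /* assumed policy cap, not a value from the article */

/* Parse a bencoded byte string "<decimal length>:<bytes>" holding a peer's
 * client version and copy it into out (size out_sz) as a printable C string.
 * Returns the number of bytes consumed from buf, or -1 if the field is
 * malformed, runs past the received data, or exceeds MAX_VERSION_LEN. */
long parse_client_version(const uint8_t *buf, size_t len,
                          char *out, size_t out_sz)
{
    size_t i = 0, n = 0;

    if (out_sz == 0)
        return -1;
    out[0] = '\0';

    /* Read the decimal length prefix, rejecting it as soon as it exceeds
     * the cap so that a huge number can never overflow n. */
    if (len == 0 || !isdigit(buf[0]))
        return -1;
    while (i < len && isdigit(buf[i])) {
        n = n * 10 + (size_t)(buf[i] - '0');
        if (n > MAX_VERSION_LEN)
            return -1;
        i++;
    }
    if (i == len || buf[i] != ':')
        return -1;
    i++;

    /* The declared length must fit in what was actually received and in
     * the destination buffer, leaving room for the terminator. */
    if (n > len - i || n >= out_sz)
        return -1;

    /* Copy, replacing non-printable bytes before the string reaches UI code. */
    for (size_t k = 0; k < n; k++)
        out[k] = isprint(buf[i + k]) ? (char)buf[i + k] : '?';
    out[n] = '\0';
    return (long)(i + n);
}
```

A caller that gets -1 should drop the connection rather than attempt to display or log the field.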

via Torrentfreak




Categories: P2p, Security, software




One Response to “DOS Vulnerability in uTorrent and Bittorrent”

  1. sKz says:

    Confirmed this bug works…
    But will not work with private tracker, you need to copy the SHA-1 hash manually from the torrent page you are downloading.


© 2005-2009 Ghacks.net. All Rights Reserved.