BitTorrent and uTorrent Remote Code Execution Vulnerability

vendor:

BitTorrent and uTorrent

by:

SecurityFocus

9.3

CVSS

HIGH

Remote Code Execution

119

CWE

Product Name: BitTorrent and uTorrent

Affected Version From: BitTorrent 6.0

Affected Version To: uTorrent 1.8-alpha-7834

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

BitTorrent and uTorrent Remote Code Execution Vulnerability

BitTorrent and uTorrent are prone to a remote code-execution vulnerability because the applications fail to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the application or to crash the affected application, denying service to legitimate users.

Mitigation:

Users should upgrade to the latest version of the application.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27321/info

BitTorrent and uTorrent are prone to a remote code-execution vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the application or to crash the affected application, denying service to legitimate users.

This issue affects the following versions:

BitTorrent 6.0
uTorrent 1.7.5
uTorrent 1.8-alpha-7834

Earlier versions may be affected as well.

UPDATE (January 24, 2008): This issue was originally documented as a denial-of-service issue, but reliable reports suggest that this issue can be exploited to execute arbitrary code. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31032.zip