Exploit released for PC-hijack hole in µTorrent

A critical code execution hole has been found in µTorrent, everyone's favorite torrent client. Dirty .torrent files could be used in PC-takeover attacks.

Here's a major security issue that might have gotten buried in this week's patch-release deluge: A critical code execution hole in µTorrent, everyone's favorite lightweight torrent application.

What's worse, exploit code that provides instructions on using dirty .torrent files in PC-takeover attacks has been publicly available for several days.

µTorrent, which is owned by Bram Cohen's BitTorrent, Inc., has released version 1.6.1 to patch the vulnerability but, inexplicably, did not issue a warning to its users. The only acknowledgment of the bug was buried in a changelog in this forum thread.

SecuriTeam blogger Burak CIFTER explains why Windows users should treat this with the highest priority:

It [µTorrent] doesn't have an automatic patching system, most of its users don't even know what a 'vulnerability' is, and most of them also don't use an anti-virus (some of them even disable it to make their computers faster – download files 'easily'). Even with some of the users who already use anti-virus software, the rest of the users, if compromised and made into a botnet, would be enough to make a spectacular attack. The exploit is public and easy to use. Everyone can upload their own files to any torrent search site (they don’t have any security control).

I'm not sure if this uTorrent vulnerability is going to be used to create a worm, but what I'm sure about is that the uTorrent vulnerability has higher damage-potential than a SunOS telnetd vulnerability.

[UPDATE: February 17, 2007] In the Talkback section, a reader notes: "In the general page of the Preferences of the application there is a 'Check for updates automatically' function which is ON by default."