Is affected the system:
BitTorrent BitTorrent <= 6.0 (build 5535)
BitTorrent uTorrent <= 1.8-alpha-7834
BitTorrent uTorrent <= 1.7.5 (build 4602)
Not affected system:
BitTorrent uTorrent 1.7.6 (build 7859)
Description:
BitTorrent and uTorrent are the popular bittorrent agreement client sides, has used the same code storehouse.
BitTorrent and uTorrent realize on have the buffer overflow crack, the long-distance aggressor possibly uses this crack to control the user client side.
BitTorrent and the uTorrent client side has begun using Detailed in the General part the Info window, uses in reporting that concerns torrent which and tracker status messages uses. In General in the identical window's Peers part demonstrated that concerns connects the client side the information, like shares the torrent utilization ratio, the IP address and so on. When the user examined this window time, will connect the client side software release through the wcscpy function the unicode string of character copy to the relative static buffer, in order to demonstrated in GUI. If this string of character ultra long, triggers the buffer overflow on the possibility, causes to refuse to serve or to carry out the random order, if must use this crack, the exterior aggressor must connect the stochastic port which the client side opens, then the transmission current uses torrent the ultra length client side edition and the SHA1 Hasche.
Manufacturer patch:
At present the manufacturer had already issued the promotion patch repairs this security problem, welcome to manufacturer main page downloading:
http://download.utorrent.com/1.7.6/utorrent.exe
|