
J-Security Center


Title: BitTorrent and uTorrent Peers Window Remote Code Execution Vulnerability

Severity: HIGH

Description:

BitTorrent and uTorrent are BitTorrent client applications available for Microsoft Windows.

BitTorrent and uTorrent are prone to a remote code-execution vulnerability because the applications fail to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. The vulnerability occurs when the version number of another user's client is displayed in the 'Peers' window.

Attackers can exploit this issue to execute arbitrary code in the context of the application or to crash the affected application, denying service to legitimate users.
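The class of flaw described above, shown as an added example (not code from BitTorrent, uTorrent or this advisory): an unchecked copy of a peer-supplied version string beside a bounded one. The `peer_row` structure, the function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PEER_LABEL_MAX 64   /* assumed UI buffer size; not stated in the advisory */

/* Hypothetical row of a peer list; the real applications' layout is not public. */
struct peer_row { char client[PEER_LABEL_MAX]; };

/* Flawed pattern, for contrast only: the copy length is dictated by the
 * remote peer's string, not by the size of the destination buffer. */
void set_client_unchecked(struct peer_row *row, const char *version)
{
    strcpy(row->client, version);   /* writes past client[] for long input */
}

/* Bounded form: the field is treated as untrusted bytes with an explicit
 * length (wire data need not be NUL-terminated). Returns 1 if the input was
 * truncated or had non-printable bytes replaced, 0 if stored unchanged. */
int set_client_checked(struct peer_row *row, const unsigned char *version, size_t len)
{
    int altered = 0;
    size_t n = len;
    if (n > PEER_LABEL_MAX - 1) {
        n = PEER_LABEL_MAX - 1;     /* leave room for the terminator */
        altered = 1;
    }
    for (size_t i = 0; i < n; i++) {
        int ok = isprint(version[i]);
        row->client[i] = ok ? (char)version[i] : '?';
        if (!ok) altered = 1;
    }
    row->client[n] = '\0';
    return altered;
}

int main(void)
{
    /* Constructed sample: 200 bytes, longer than the buffer, no terminator. */
    unsigned char sample[200];
    struct peer_row row;
    memset(sample, 'A', sizeof sample);
    int altered = set_client_checked(&row, sample, sizeof sample);
    printf("stored %zu bytes, altered=%d\n", strlen(row.client), altered);
    return 0;
}
```

A return value of 1 is also a useful logging point, since a peer announcing an oversized or non-printable version string is worth recording.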

This issue affects the following versions:

BitTorrent 6.0
uTorrent 1.7.5
uTorrent 1.8-alpha-7834

Earlier versions may be affected as well.

UPDATE (January 24, 2008): This issue was originally documented as a denial-of-service issue, but reliable reports suggest that this issue can be exploited to execute arbitrary code.

Affected Products:

  • BitTorrent BitTorrent 6.0
  • uTorrent uTorrent 1.6
  • uTorrent uTorrent 1.6.1
  • uTorrent uTorrent 1.7.5
