CVE-2008-4434 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4434): Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file. CVE-2008-0071 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0071): The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of Service (application crash) via an HTTP request with a malformed Range header.
POC for CVE-2008-0071: http://www.securityfocus.com/bid/29661/exploit
It seems that 5.0.9 is the latest open source version. I'm trying to contact them.
Yeah, this only affects 6.0, which is based on utorrent, which only works on windows :P
ok, so I guess we can close as invalid :)
Raul, I'd have loved to get a source for that. Isn't utorrent based on bittorrent and not the other way round?
(In reply to comment #5) > Raul, I'd have loved to get a source for that. > Isn't utorrent based on bittorrent and not the other way round? > http://torrentfreak.com/utorrent-relaunched-as-official-bittorrent-client/ http://support.bittorrent.com/faq/bittorrent-software-client/what-are-bittorrent-6x-system-requirements Enough? :)
Sure, thanks! :)
