Researchers at Google Project Zero discovered two critical remote code execution vulnerabilities in BitTorrent’s uTorrent Windows desktop and web client
Researchers at Google Project Zero discovered two critical remote code execution vulnerabilities in BitTorrent’s uTorrent Windows desktop and web client.The flaw was discovered by Tavis Ormandy of Google Project Zero and said that the vulnerabilities could easily be exploited by attackers to execute code or access downloaded files.“By default, utorrent create an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). To be clear, visiting *any* website is enough to compromise these applications.”The attacker can exploit this flaw and can change the torrent download folder to any writable location. The attacker can download malicious files into windows startup folder which will be executed every time the system boots up.The flaws can allow any website the user visits to access the downloaded files or control key functions in both uTorrent desktop and web clients.The attackers need to use the technique Domain Name Server (DNS) rebinding attack to exploit this flaw remotely.“The authentication secret is not the only data accessible within the webroot – settings, crashdumps, logs and other data is also accessible. As this is a complete remote compromise of the default uTorrent web configuration, I didn’t bother looking any further after finding this.” said in the analysis published by Google Project Zero.Ormandy notified BitTorrent about vulnerabilities and when there was no response from the company even after 90 days the research was made public.BitTorrent released an official statement on this issue on Wednesday and said that they have fixed the issue and will be available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). All the user will be updated with the fix automatically in coming days.The company also said that the uTorrent web client has also been patches and users are required to update to the latest available build 0.12.0.502 which is available on their website.