DoS vulnerabilities in uTorrent and BitTorrent
Secunia has reported denial-of-service vulnerabilities in the torrent clients uTorrent 1.7.7 (build 8179) and BitTorrent 6.0.1 (build 7859). HTTP requests with a malformed "Range" header string make applications crash. For the attack to be successful, however, the web interface must be enabled, and this is not the default condition. The errors have been eliminated in BitTorrent 6.0.3 (build 8642) and uTorrent 1.8beta (build 10524).
See also:
- uTorrent / BitTorrent Web UI HTTP "Range" Header DoS, vulnerability report from Secunia
(mba)