BitTorrent and uTorrent Remote Code Execution Vulnerability (CVE-2015-5474)
BitTorrent and uTorrent Remote Code Execution Vulnerability (CVE-2015-5474)
Release date:
Updated on:
Affected Systems:
BitTorrent
Description:
Bugtraq id: 75968
CVE (CAN) ID: CVE-2015-5474
BitTorrent and uTorrent are popular bittorrent protocol clients that use the same code library.
When BitTorrent and uTorrent process URLs of bittorrent or magnet protocol, There is a remote code execution vulnerability in implementation. By enticing users to click a link starting with bittorrent: Or magnet, attackers can inject arbitrary command line parameters and execute arbitrary code in the current user context.
<* Source: Andrea Micalizzi (rgod)
Link: http://www.zerodayinitiative.com/advisories/ZDI-15-358/
*>
Suggestion:
Vendor patch:
BitTorrent
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://download-new.utorrent.com/uuid/1b11272b-e9c2-4f5a-aed5-cc23bcf7ef37
Http://download-new.utorrent.com/uuid/1b11272b-e9c2-4f5a-aed5-cc23bcf7ef37
This article permanently updates the link address: