WebUI Security Vulnerability Resolved in uTorrent/BitTorrent

Francisco — June 16, 2016

On Feb 1, 2016 we were informed about a DLL planting[1] vulnerability in uTorrent/BitTorrent by the team behind The Zero Day Initiative[2]. All versions of uTorrent prior to 3.4.7.42330 and of BitTorrent prior to 7.9.7.42331 are affected.

Older versions of uTorrent/BitTorrent would “pin” netprofm.dll at startup in an attempt to mitigate an old crash caused by premature DLL unloading. The “pinning” mechanism had the undesirable effect of allowing a local attacker to execute code during uTorrent/BitTorrent’s startup by dropping (or “planting”) a specially crafted DLL in the program’s working directory (the current directory at the time of application launch)[3].

This explicit DLL load, combined with the WebUI’s ability to download files to uTorrent/BitTorrent’s working directory, could have allowed an attacker to execute arbitrary code by instructing uTorrent/BitTorrent to download a cleverly crafted .torrent file through the WebUI.

To mitigate the vulnerability, the latest versions of uTorrent/BitTorrent:
– Will not pin netprofm.dll at startup. The DLL is loaded when required, like any other DLL.
– Will not allow the WebUI to download files to uTorrent/BitTorrent’s working directory.
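
The second mitigation, sketched as an added example (this is not BitTorrent's code): a destination check that refuses any WebUI download path resolving into a protected directory. The function names and sample paths are assumptions made for illustration; `ntpath` is used so that Windows path rules apply on any OS.

```python
import ntpath  # Windows path rules on any OS, so this runs offline


def _canon(path):
    # Lexical only: collapses "..", unifies separators and folds case.
    # It does not resolve junctions, symlinks or 8.3 short names.
    return ntpath.normcase(ntpath.normpath(path))


def is_inside(path, directory):
    """True if `path` is `directory` itself or lies anywhere below it."""
    p, d = _canon(path), _canon(directory)
    try:
        # commonpath compares whole components, so "uTorrent2" does not
        # match "uTorrent" the way a string-prefix test would.
        return ntpath.commonpath([p, d]) == d
    except ValueError:  # paths on different drives share nothing
        return False


def webui_download_allowed(dest, protected_dirs):
    """Decide whether a WebUI-requested destination may be written."""
    # A relative destination resolves against the current directory,
    # which is the directory being protected: refuse it outright.
    if not ntpath.isabs(dest):
        return False
    return not any(is_inside(dest, d) for d in protected_dirs)


# Constructed sample: stands in for the client's working directory.
PROTECTED = [r"C:\Users\alice\AppData\Roaming\uTorrent"]

if __name__ == "__main__":
    for dest in (
        r"C:\Users\alice\Downloads\ubuntu.iso",
        r"c:/users/ALICE/appdata/roaming/utorrent/netprofm.dll",
        r"C:\Users\alice\Downloads\..\AppData\Roaming\uTorrent\x.dll",
        r"C:\Users\alice\AppData\Roaming\uTorrent2\x.dll",
        r"netprofm.dll",
    ):
        verdict = "allow" if webui_download_allowed(dest, PROTECTED) else "deny"
        print(f"{verdict:5}  {dest}")
```

Because the comparison is purely lexical, a production check should also compare the resolved path of the file it actually opened.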

We ask all uTorrent/BitTorrent users to update to the latest stable versions linked below:
uTorrent 3.4.7.42330
BitTorrent 7.9.7.42331

To stay up to date with upcoming changes in the next stable build, follow our beta changelog here.

Thank you to The Zero Day Initiative for responsibly reporting this vulnerability.
– uTorrent/BitTorrent Team

References:
[1] https://www.us-cert.gov/ncas/alerts/TA10-238A
[2] https://www.zerodayinitiative.com/
[3] https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspx

Francisco is a software engineer on the uTorrent/BitTorrent team. When not working on security issues you'll find him working in some part of the networking code. In his spare time he enjoys aviation, fiddling with electronics and listening to anything with a TB303.