Gea-Suan Lin's BLOG

Saturday, January 28, 2006

BitComet 安全漏洞

剛剛在 看到的:BitCometURI.c,攻擊者可以製造一個特殊的 .torrent 然後散佈出去,當 開啟檔案的時候會 crash,而且會執行 .torrent 檔裡面所帶有的 evil code:

A vulnerability in BitComet allows remote attackers to construct a special .torrent file and put it on any BitTorrent publishing web site. When a user downloads the .torrent file and clicks on publishers name, BitComet will crash. An attacker can run arbitrary code on victims’ host by specially crafted .torrent file.

看起來 不久後就得出 0.62 了 :p