I've spent some time looking into this issue.
The POC code on milw0rm relies on creating a malicious torrent file which the uT user opens. On any sites without public uploads, or those that clean the uploaded torrents, there is no real problem.
Another issue mentioned on torrentfreak recently revolves around an overflow bug in extended messaging.
When an attacker sends a long enough string for version info, and the user views the peers tab, uT will crash.
1.6.x versions are not vulnerable to this attack, as they never display the version info obtained from extended messaging in the peers tab.
1.7.x are vulnerable.
Have not tested 1.8.x
1.6.x still has some life in it yet
Bookmarks