Summary:
Fortinet Security Research Team (FSRT) has discovered a URI buffer overflow vulnerability in the BitComet P2P client software. BitComet is one of the most popular P2P clients for file sharing and uses the BitTorrent protocol. A remote attacker could construct a special .torrent file and put it on any BitTorrent publishing web site. When a user downloads the .torrent file and clicks on the publisher's name, BitComet will crash. An attacker can run arbitrary commands on the victim's host by means of a specially crafted .torrent file.
Impact:
Execute arbitrary code
Affected Products:
BitComet v0.60
Severity:
High
Solution:
BitComet has released an update for this vulnerability, which is available for download from BitComet's web site.
Reference:
http://www.bitcomet.com/doc/download.htm
Acknowledgment:
Dejun Meng of Fortinet Security Research Team found this vulnerability.
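
Triage example (added here, not part of the Fortinet advisory or BitComet's code): a small bencode walker that lists unusually long string fields in a .torrent file, which is how an oversized URI such as the one described in the summary would show up. The 1024-byte threshold and the "publisher-url" key name in the constructed sample are assumptions; the advisory states neither.

```python
MAX_LEN = 1024  # assumed triage threshold; the advisory gives no length

def _string(data, i):
    """Read one bencoded byte string (<len>:<bytes>) starting at index i."""
    colon = data.index(b":", i)
    start, digits = colon + 1, data[i:colon]
    if not digits.isdigit() or start + int(digits) > len(data):
        raise ValueError("bad or overlong string length at offset %d" % i)
    return data[start:start + int(digits)], start + int(digits)

def _walk(data, i, path, hits, depth=0):
    """Decode the value at index i, record long strings, return next index."""
    if depth > 64 or i >= len(data):
        raise ValueError("truncated or too deeply nested")
    c = data[i:i + 1]
    if c == b"i":                      # integer: i<digits>e
        end = data.index(b"e", i)
        int(data[i + 1:end])           # raises ValueError if malformed
        return end + 1
    if c == b"l":                      # list
        i, n = i + 1, 0
        while data[i:i + 1] != b"e":
            i, n = _walk(data, i, "%s[%d]" % (path, n), hits, depth + 1), n + 1
        return i + 1
    if c == b"d":                      # dictionary: key string, then value
        i += 1
        while data[i:i + 1] != b"e":
            key, i = _string(data, i)
            name = path + "/" + key.decode("utf-8", "replace")
            i = _walk(data, i, name, hits, depth + 1)
        return i + 1
    value, nxt = _string(data, i)
    # "pieces" holds concatenated SHA-1 hashes and is legitimately long.
    if len(value) > MAX_LEN and path != "/info/pieces":
        hits.append((path, len(value)))
    return nxt

def long_strings(data):
    """Return [(key path, length)] for every string longer than MAX_LEN."""
    hits = []
    if _walk(data, 0, "", hits) != len(data):
        raise ValueError("trailing data after top-level value")
    return hits

def sample_torrent(url_len):
    """Constructed minimal sample; the 'publisher-url' key is an assumption."""
    s = lambda b: b"%d:%s" % (len(b), b)
    url = b"http://example.invalid/" + b"A" * url_len
    info = b"d" + s(b"pieces") + s(b"\0" * 2000) + s(b"publisher-url") + s(url) + b"e"
    return b"d" + s(b"info") + info + b"e"
```

A parse error (ValueError) on a file that claims to be a torrent is itself worth treating as suspicious during triage.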