A massive hole in the popular peer-to-peer (P2P) client µTorrent has put the computers of millions of file sharers at risk of hijacking.
The vulnerability allows hackers to execute code on remote systems, and opens the targeted system to further exploitation.
Hackers can create a stack-based buffer overflow by enticing users to open dodgy .torrent files, the format in which BitTorrent data is stored for distribution.
The overflow stems from a boundary error in the way µTorrent processes .torrent files, and it opens the way for malicious code execution.
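The article does not say which field or code path is at fault, so the following is an added illustration (not code from µTorrent or BitTorrent) of the boundary check a parser needs when copying a length-prefixed bencoded string, the encoding .torrent files use, into a fixed-size buffer. The function name, return codes and sample input are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Return codes for read_bstring (hypothetical names). */
enum { BS_OK = 0, BS_MALFORMED = -1, BS_TRUNCATED = -2, BS_TOO_LONG = -3 };

/*
 * Copy one bencoded byte string ("<decimal length>:<bytes>") from
 * in[0..in_len) into out, which holds out_cap bytes including the NUL.
 * The declared length comes from the file, so it is checked against both
 * the remaining input and the destination size before any copy happens.
 * On success *consumed is the number of input bytes used.
 */
int read_bstring(const uint8_t *in, size_t in_len,
                 char *out, size_t out_cap, size_t *consumed)
{
    size_t i = 0, n = 0;

    if (out_cap == 0 || in_len == 0 || in[0] < '0' || in[0] > '9')
        return BS_MALFORMED;
    while (i < in_len && in[i] >= '0' && in[i] <= '9') {
        size_t d = (size_t)(in[i] - '0');
        if (n > (SIZE_MAX - d) / 10)   /* length field would wrap size_t */
            return BS_TOO_LONG;
        n = n * 10 + d;
        i++;
    }
    if (i == in_len)
        return BS_TRUNCATED;           /* digits ran to the end, no ':' */
    if (in[i] != ':')
        return BS_MALFORMED;
    i++;
    if (n > in_len - i)                /* file claims more bytes than it has */
        return BS_TRUNCATED;
    if (n >= out_cap)                  /* would overrun the fixed buffer */
        return BS_TOO_LONG;
    memcpy(out, in + i, n);
    out[n] = '\0';
    *consumed = i + n;
    return BS_OK;
}

int main(void)
{
    char name[16]; size_t used;        /* constructed sample destination */
    const uint8_t ok[] = "4:spam";     /* constructed sample input */
    return read_bstring(ok, sizeof ok - 1, name, sizeof name, &used) == BS_OK ? 0 : 1;
}
```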
The hole also affects the official BitTorrent client, version 6.x.x.
Both the affected BitTorrent release and µTorrent version 1.7.7 remain unpatched. µTorrent users have been advised to upgrade to the current 1.8 release, which has reportedly patched the hole, while BitTorrent users should avoid opening unknown .torrent files.
File-sharing Web site Torrentfreak claimed that 19 percent of Windows desktops run either the official BitTorrent client or the µTorrent application.