![]() In doing so, an attacker could force a user to unwittingly download malicious software to their PC's startup folder, and it would automatically run the next time his or her system boots. The vulnerabilities, which are apparently easy to exploit, could allow a rogue website to control uTorrent (both the desktop client and web app). ![]() To be clear, visiting *any* website is enough to compromise these applications," Project Zero explains. There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). ![]() "By default, Utorrent creates an HTTP RPC server on port 10000 (uTorrent Classic) or 19575 (uTorrent Web). Here is a basket of uTorrent DNS rebinding vulnerabilities that are now fixed, from remote code execution to querying and copying downloaded files, and more.
0 Comments
Leave a Reply. |