IDG News Service - The developers of the uTorrent file-sharing application have released an updated version that fixes a problem that could allow an attacker to load malicious code onto a user's computer.
The problem, known as DLL (dynamic link library) load hijacking, affects dozens of commonly used Windows applications. The flaw can allow an attacker to trick an application into downloading what it thinks is a DLL but actually is a malicious file. A DLL is a piece of code that can be used by more than one application.
The issue affects more than 40 applications including the Safari and Firefox browsers, many Microsoft and Adobe Systems applications and others including Skype and uTorrent.
UTorrent version 2.0.4 fixes the problem, although the company behind the application, BitTorrent, said that no attacks have been reported despite a working exploit.
"The new client disables loading of DLLs from the current working directory and prevents this exploit from functioning," according to the posting. "We take our users' security very seriously, and we sincerely apologize for any inconvenience."
The DLL problem isn't specific to the Windows OS, and Microsoft can't issue a patch that makes all of the applications safe. Application developers and companies need to develop their own specific patches.
UTorrent is a free BitTorrent client application that manages the downloading of content from the peer-to-peer system, which uses small information files called torrent to coordinate downloads.
Send news tips and comments to jeremy_kirk@idg.com
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
