Fortinet Security Research

Fortinet researcher
#36578 of 53,635
7.5 total CVSS
Vulnerabilities · 1
PT-2006-1411
7.5
2006-01-20
Bitcomet · Bitcomet Client · CVE-2006-0339
**Name of the Vulnerable Software and Affected Versions**

BitComet Client version 0.60

**Description**

The issue allows remote attackers to execute arbitrary code when the publisher's name link is clicked, via a long publisher URI in a torrent file. This occurs because the BitComet Client fails to check the size of the publisher's name URI in a torrent file, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, potentially resulting in a loss of availability.

**Recommendations**

For BitComet Client version 0.60, consider disabling the handling of publisher's name links in torrent files until a patch is available, to prevent arbitrary code execution. Restrict access to torrent files that contain a long publisher URI to minimize the risk of exploitation.