uTorrent is vulnerable to remote exploits if the announce field of the .torrent file exceeds 4800 Bytes. This causes a buffer-overflow, and allow hackers to run their exploits. Note that these announce fields are normally smaller, so you have to be tricked into downloading a malicious torrent first.
The exploit is found in uTorrent 1.6 (build 474), but might affect older versions as well. It is reported that the exploit works on Windows 2000, and both Windows XP Service Pack 1 and 2.
The good news is that these exploits are only triggered by .torrent files that are designed to exploit uTorrent. This means that people are relatively safe if they watch out where they download their torrents from.
Update: This vulnerability has been fixed in the latest beta.
Update:New version 1.6.1 released : - Fix: Problem with category list in the gui when updated from the webui - Fix: WebUI not clearing state between requests. - Fix: Redirect also index.html to guest.html - Fix: Added On Now shows the time it's added, not loaded. - Fix: JSON uses " instead of ' - Fix: (a) Upnp fix - Fix: Show pause icon when checking is paused. - Fix: Fixed problems with XML parser - Fix: Don't allow two message boxes to be shown in the RSS window - Fix: Changed some window titles - Fix: Fix malformed .torrent exploit - Fix: Boss key field is now larger
