Vulnerabilities > CVE-2010-3129 - Unspecified vulnerability in Utorrent
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'
Vulnerable Configurations
Exploit-Db
description uTorrent DLL Hijacking Vulnerabilities. Local exploit for windows platform file exploits/windows/local/14748.txt id EDB-ID:14748 last seen 2016-02-01 modified 2010-08-25 platform windows port published 2010-08-25 reporter Dr_IDE source https://www.exploit-db.com/download/14748/ title uTorrent - DLL Hijacking Vulnerabilities type local description uTorrent <= 2.0.3 DLL Hijacking Exploit (plugin_dll.dll). CVE-2010-3129. Local exploit for windows platform file exploits/windows/local/14726.c id EDB-ID:14726 last seen 2016-02-01 modified 2010-08-24 platform windows port published 2010-08-24 reporter TheLeader source https://www.exploit-db.com/download/14726/ title uTorrent <= 2.0.3 DLL Hijacking Exploit plugin_dll.dll type local
Oval
accepted | 2010-10-25T04:00:20.553-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
definition_extensions |
| ||||
description | Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file. | ||||
family | windows | ||||
id | oval:org.mitre.oval:def:6887 | ||||
status | accepted | ||||
submitted | 2010-09-13T10:27:44 | ||||
title | Untrusted search path vulnerability in uTorrent less than or equal to 2.0.3 | ||||
version | 4 |