Vulnerabilities > CVE-2010-3129 - Unspecified vulnerability in Utorrent

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
utorrent
critical
exploit available

Summary

Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'

Exploit-Db

  • descriptionuTorrent DLL Hijacking Vulnerabilities. Local exploit for windows platform
    fileexploits/windows/local/14748.txt
    idEDB-ID:14748
    last seen2016-02-01
    modified2010-08-25
    platformwindows
    port
    published2010-08-25
    reporterDr_IDE
    sourcehttps://www.exploit-db.com/download/14748/
    titleuTorrent - DLL Hijacking Vulnerabilities
    typelocal
  • descriptionuTorrent <= 2.0.3 DLL Hijacking Exploit (plugin_dll.dll). CVE-2010-3129. Local exploit for windows platform
    fileexploits/windows/local/14726.c
    idEDB-ID:14726
    last seen2016-02-01
    modified2010-08-24
    platformwindows
    port
    published2010-08-24
    reporterTheLeader
    sourcehttps://www.exploit-db.com/download/14726/
    titleuTorrent <= 2.0.3 DLL Hijacking Exploit plugin_dll.dll
    typelocal

Oval

accepted2010-10-25T04:00:20.553-04:00
classvulnerability
contributors
nameSecPod Team
organizationSecPod Technologies
definition_extensions
commentuTorrent is installed
ovaloval:org.mitre.oval:def:7343
descriptionUntrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.
familywindows
idoval:org.mitre.oval:def:6887
statusaccepted
submitted2010-09-13T10:27:44
titleUntrusted search path vulnerability in uTorrent less than or equal to 2.0.3
version4