UTorrent File Opening Insecure Library Loading Vulnerability Network Vulnerability

Summary

This host is installed with uTorrent and is prone to insecure library loading vulnerability.

Impact

Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Impact Level: Application.

Solution

Upgrade to uTorrent version 2.0.4 or later, For updates refer to http://www.utorrent.com/downloads

Insight

The flaw is due to the application insecurely loading certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a Torrent file.

Affected

uTorrent version 2.0.3 and prior

References

http://secunia.com/advisories/41051
http://www.exploit-db.com/exploits/14726/
http://www.vupen.com/english/advisories/2010/2164

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3129
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Linux)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
3S CoDeSys CmpWebServer Multiple Vulnerabilities
Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Mac OS X
Adobe Flash Media Server multiple vulnerabilities

uTorrent File Opening Insecure Library Loading Vulnerability

Take action and discover your vulnerabilities