CVE-2008-0071
Published 2008-06-16
Priority P4 · 21 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS 7.19% (93.5th percentile)
The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.
Affected
90 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bittorrent | bittorrent | <= 6.0.1 | — |
| bittorrent | bittorrent | <= 6.0.2 | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:N/A:P
vendor_redhat · 7.3 HIGH
GHSA
GHSA-xw3m-wfv2-qhh9: Buffer overflow in the web interface in BitTorrent 6
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2008-7166 [MEDIUM] CWE-119 GHSA-xw3m-wfv2-qhh9: Buffer overflow in the web interface in BitTorrent 6
Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.
GHSA
GHSA-2crc-x37f-94vp: The Web UI interface in (1) BitTorrent before 6
ghsa_unreviewed·2022-05-01
CVE-2008-0071 [MEDIUM] CWE-20 GHSA-2crc-x37f-94vp: The Web UI interface in (1) BitTorrent before 6
The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.
Red Hat
xterm: arbitrary command injection
vendor_redhat·2008-12-29·CVSS 7.3
CVE-2008-2383 [HIGH] xterm: arbitrary command injection
CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071.
No detection rules found.
Talos
Flash Vulnerability Info
blogs_talos·2008-05-30·CVSS 9.3
[CRITICAL] Flash Vulnerability Info
On 5-27-2008 Symantec issued a 0-day vulnerability alert pertaining to malicious Flash (SWF) files circulating in the wild. The initial Symantec report stated that this issue was unknown and that it affected the latest version 9.0.124.0 of Flash Player and several other Adobe products that processed SWF files. Further analysis of the exploit files determined that the initial categorization of this as 0-day was incorrect and that this was actually a working implementation of the vulnerability described by Mark Dowd of the IBM X-Force team.
For more details on this Flash vulnerability (CVE-2007-0071), take a look at our analysis here:
http://www.snort.org/vrt/docs/analysis/flash-cve-2007-0071.html
Enjoy.
Bugzilla
CVE-2007-0071 Flash Player input validation error
bugzilla·2008-04-04·CVSS 9.3
CVE-2007-0071 [CRITICAL] CVE-2007-0071 Flash Player input validation error
Adobe Flash Player 9.0.124.0 fixes input validation errors that could result in
the execution of arbitrary code with the permissions of the user running Flash
Player.
Discussion:
Public now via:
http://www.adobe.com/support/security/bulletins/apsb08-11.html
Lifting embargo.
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2008-0221.html
Published 2008-06-16