CVE-2010-0103
published 2010-03-10
Priority: P263 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 27.43% (97.8th percentile)
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
Detection & IOCs
bytes: XOR key 0xE5 applied to all command/data bytes
- Detect the backdoor by scanning for TCP port 7777 listeners; the Metasploit scanner module specifically targets this port to identify infected hosts.
- All C2 protocol data (commands and payloads) sent to TCP/7777 is XOR-encoded with the single-byte key 0xE5. Network signatures should decode with this key to identify command GUIDs.
- Look for the presence of Arucer.dll in %WINDIR%\system32 as a host-based indicator of compromise.
- The backdoor drops a randomly named executable to C:\ (12 random alphanumeric characters + .exe) before executing it; monitor for short-lived executables written to the filesystem root.
- Protocol framing: each command block begins with a 4-byte little-endian length field followed by the XOR-0xE5-encoded GUID string and a null terminator. Use this structure for deep-packet inspection rules on TCP/7777.
- The backdoor is only present on Windows systems that had the Energizer DUO USB battery charger software installed; UsbCharger.dll installs Arucer.dll into system32 as part of the software package.
- The backdoor listens on TCP/7777 with no authentication; any remote attacker with network access to that port can upload and execute arbitrary code without credentials.
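
The framing item above, turned into a decoder for inspecting captured TCP/7777 payloads (an added example, not code from this page or from any of the sources it lists). It assumes the length field counts the encoded GUID plus its terminator; because the notes above do not say whether the length field is itself XOR-encoded, it accepts either reading, and the GUID in the sample is a constructed placeholder.

```python
import re
import struct

XOR_KEY = 0xE5  # single-byte key stated in the notes above
GUID_RE = re.compile(rb"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MAX_BODY = 256  # assumption: a GUID command block is short; rejects absurd lengths

def xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def parse_command_block(payload: bytes):
    """Return (guid, bytes_consumed) if payload starts with a command block, else None."""
    if len(payload) < 5:
        return None
    # The length field may or may not be XOR-encoded: try both readings.
    for header in (payload[:4], xor(payload[:4])):
        (length,) = struct.unpack("<I", header)
        if not 1 <= length <= MAX_BODY or len(payload) < 4 + length:
            continue
        body = xor(payload[4:4 + length])
        # Assumption: the length covers the GUID string plus its null terminator.
        if body[-1:] != b"\x00":
            continue
        if GUID_RE.fullmatch(body[:-1]):
            return body[:-1].decode("ascii"), 4 + length
    return None

def scan_stream(payload: bytes):
    """Collect GUIDs from consecutive command blocks at the start of a stream."""
    found, offset = [], 0
    while (hit := parse_command_block(payload[offset:])) is not None:
        guid, used = hit
        found.append(guid)
        offset += used
    return found

# Constructed sample data: a placeholder GUID, not a real command identifier.
SAMPLE_GUID = b"{00000000-1111-2222-3333-444444444444}"
_body = SAMPLE_GUID + b"\x00"
SAMPLE_RAW_LEN = struct.pack("<I", len(_body)) + xor(_body)   # length left unencoded
SAMPLE_ENC_LEN = xor(struct.pack("<I", len(_body)) + _body)   # length encoded too
BENIGN = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    print(scan_stream(SAMPLE_RAW_LEN + SAMPLE_ENC_LEN), parse_command_block(BENIGN))
```

A match is stronger evidence than an open port alone, since it requires the length, the terminator and the GUID shape to agree after decoding.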
CVSS provenance
nvd · v2.0 · 9.3 CRITICAL · AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat · 5.0 MEDIUM
VulDB
Energizer DUO USB up to 7777 Backdoor UsbCharger.dll code injection (VU#154421 / Nessus ID 45006)
vuldb·2026-05-02·CVSS 9.3
CVE-2010-0103 [CRITICAL] Energizer DUO USB up to 7777 Backdoor UsbCharger.dll code injection (VU#154421 / Nessus ID 45006)
A vulnerability described as critical has been identified in Energizer DUO USB up to 7777. Affected is an unknown function in the library UsbCharger.dll of the component Backdoor. Such manipulation leads to code injection.
This vulnerability is documented as CVE-2010-0103. The attack can be executed remotely. Additionally, an exploit exists.
GHSA
GHSA-r443-h767-83gp: UsbCharger
ghsa_unreviewed·2022-05-02
CVE-2010-0103 [HIGH] CWE-94 GHSA-r443-h767-83gp: UsbCharger
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
Red Hat
squirrelmail: not fixed in RHSA-2012:0103
vendor_redhat·2012-04-20·CVSS 5.0
CVE-2012-2124 [MEDIUM] squirrelmail: not fixed in RHSA-2012:0103
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.
Package: squirrelmail (Red Hat Enterprise Linux 4) - Will not fix
No detection rules found.
Exploit-DB
Arugizer Trojan Horse (Energizer DUO) - Code Execution (Metasploit)
exploitdb·2010-09-20
CVE-2010-0103 Arugizer Trojan Horse (Energizer DUO) - Code Execution (Metasploit)
---
##
# $Id: energizer_duo_payload.rb 10389 2010-09-20 04:38:13Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Energizer DUO Trojan Code Execution',
'Description' => %q{
This module will execute an arbitrary payload against
any system infected with the Arugizer trojan horse. This
backdoor was shipped with the software package accompanying
the Energizer Duo USB battery charger.
},
'Author' => [ 'hdm' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 10389 $',
Exploit-DB
Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2010-04-21·CVSS 4.3
CVE-2010-0432 [MEDIUM] Apache OFBiz - Multiple Cross-Site Scripting Vulnerabilities
---
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/
Multiple XSS in Apache OFBiz
1. *Advisory Information*
Title: Multiple XSS in Apache OFBiz
Advisory ID: BONSAI-2010-0103
Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/apacheofbiz-multiple-xss-0103.php
Date published: 2010-04-13
Vendors contacted: Apache Software Foundation
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-0432
3. *Software Description*
Apache Open For Business (Apache OFBiz) is a community-driven
Open Source Enterprise Resource Planning (ERP) system.
It provides a suite of enterpr
Metasploit
Energizer DUO Trojan Scanner
metasploit
Detect instances of the Energizer DUO trojan horse software on port 7777.
Metasploit
Energizer DUO USB Battery Charger Arucer.dll Trojan Code Execution
metasploit
This module will execute an arbitrary payload against any system infected with the Arugizer trojan horse. This backdoor was shipped with the software package accompanying the Energizer DUO USB battery charger.
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
Bugzilla
CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103
bugzilla·2012-04-20·CVSS 5.0
CVE-2012-2124 [MEDIUM] CVE-2012-2124 squirrelmail: CVE-2010-2813 not fixed in RHSA-2012:0103
A Red Hat Security Advisory, RHSA-2012:0103, for squirrelmail packages shipped in Red Hat Enterprise Linux 4 and 5 claims to have fixed the CVE-2010-2813 issue ("CVE-2010-2813 SquirrelMail: DoS (disk space consumption) by random IMAP login attempts with 8-bit characters in the password", bug #618096). However, the patch for this issue was not applied correctly and hence the issue was not fixed as stated in the advisory.
Discussion:
CVE assignment notification:
http://www.openwall.com/lists/oss-security/2012/04/20/22
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2013:0126 https://rhn.redhat.com/errata/RHSA-2013-0126.html
http://www.kb.cert.org/vuls/id/154421
http://www.marketwatch.com/story/energizer-announces-duo-charger-and-usb-charger-software-problem-2010-03-05
http://www.securityfocus.com/bid/38571
http://www.symantec.com/connect/blogs/trojan-found-usb-battery-charger-software
2010-03-10
Published