Vulnerability Details : CVE-2010-3129
Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-3129
Probability of exploitation activity in the next 30 days: 2.26%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2010-3129
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2010-3129
-
http://www.exploit-db.com/exploits/14726
μTorrent (uTorrent) 2.0.3 - 'plugin_dll.dll' DLL Hijacking - Windows local ExploitExploit
-
http://www.exploit-db.com/exploits/14748
μTorrent (uTorrent) 2.0.3 - DLL Hijacking - Windows local Exploit
-
http://www.vupen.com/english/advisories/2010/2164
Webmail | OVH- OVHVendor Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6887
Repository / Oval Repository
Products affected by CVE-2010-3129
- cpe:2.3:a:utorrent:utorrent:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.7.5:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.7.6:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.7.4:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.8.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:utorrent:utorrent:1.8.4:*:*:*:*:*:*:*