uTorrent - exploit.company

vendor:

uTorrent

by:

Dr_IDE

7,2

CVSS

HIGH

Dll Hijacking

427

CWE

Product Name: uTorrent

Affected Version From: 2.0.3

Affected Version To: 2.0.3

Patch Exists: YES

Related CWE: N/A

CPE: a:bittorrent:utorrent

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7RC

2009

uTorrent <=2.0.3 Dll Hijacking Local Exploits

If the payload .DLL file is renamed to any of these files and placed in the utorrent.exe directory, the payload will be executed with users' credentials: userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, rpcrtremote.dll

Mitigation:

Ensure that all DLLs are stored in a secure location and are not accessible to malicious actors.

Source

Exploit-DB raw data:

###########################################################################
#
# Title: 	uTorrent <=2.0.3 Dll Hijacking Local Exploits
# By:		Dr_IDE
# Tested:	Windows 7RC
# Note:		These are additional DLL's with unsafe Load Paths
# Reference:	http://www.exploit-db.com/exploits/14726/
#
############################################################################

If the payload .DLL file is renamed to any of these files and placed in the 
utorrent.exe directory, the payload will be executed with users' credentials.

	-userenv.dll

	-shfolder.dll
	
	-dnsapi.dll

	-dwmapi.dll

	-iphlpapi.dll

	-dhcpcsvc.dll

	-dhcpcsvc6.dll

	-rpcrtremote.dll

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14748.tar.gz (Dr_IDE.bind.dll.tar.gz)

#[pocoftheday.blogspot.com]