CVE-2010-3129

Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
utorrentutorrent
1.1.1
utorrentutorrent
1.1.3
utorrentutorrent
1.1.4
utorrentutorrent
1.1.5
utorrentutorrent
1.1.6
utorrentutorrent
1.1.7
utorrentutorrent
1.2
utorrentutorrent
1.2.1
utorrentutorrent
1.2.2
utorrentutorrent
1.7
utorrentutorrent
1.7.1
utorrentutorrent
1.7.2
utorrentutorrent
1.7.4
utorrentutorrent
1.7.5
utorrentutorrent
1.7.6
utorrentutorrent
1.8
utorrentutorrent
1.8.1
utorrentutorrent
1.8.1:rc1
utorrentutorrent
1.8.2
utorrentutorrent
1.8.3
utorrentutorrent
1.8.4
utorrentutorrent
1.8.5
utorrentutorrent
2.0
utorrentutorrent
2.0.1
utorrentutorrent
2.0.2
utorrentutorrent
2.0.3
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/41051
http://www.exploit-db.com/exploits/14726
http://www.exploit-db.com/exploits/14748
http://www.vupen.com/english/advisories/2010/2164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6887
http://secunia.com/advisories/41051
http://www.exploit-db.com/exploits/14726
http://www.exploit-db.com/exploits/14748
http://www.vupen.com/english/advisories/2010/2164
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6887