Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0364

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-0364
Last Modified 05 Sep 2008 05:34:52
Published 18 Jan 2008 06:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0364

Summary

Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.

Vulnerable Systems

Application

  • Bittorrent 6.0

  • Utorrent 1.7.5

  • Utorrent 1.8-alpha-7834


References

BID - 27321

XF - utorrent-peers-bo(39720)

XF - bittorrent-peers-bo(39719)

BUGTRAQ - 20080116 Peers static overflow in BitTorrent 6.0 and uTorrent 1.7.5

CONFIRM - http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt

MISC - http://aluigi.org/poc/ruttorrent.zip

MISC - http://aluigi.altervista.org/adv/ruttorrent-adv.txt

SREASON - 3554

SECUNIA - 28537

SECUNIA - 28533

CONFIRM - http://forum.utorrent.com/viewtopic.php?id=29330


Last Updated: 27 May 2016 10:46:46