Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4434

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2008-4434
Last Modified 07 Mar 2011 10:12:27
Published 03 Oct 2008 06:22:45
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4434

Summary

Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.

Vulnerable Systems

Application

  • Bittorrent 3.9.1

  • Bittorrent 4.0.0

  • Bittorrent 4.0.1

  • Bittorrent 4.0.2

  • Bittorrent 4.0.3

  • Bittorrent 4.0.4

  • Bittorrent 4.1.0

  • Bittorrent 4.1.1

  • Bittorrent 4.1.2

  • Bittorrent 4.1.3

  • Bittorrent 4.1.4

  • Bittorrent 4.1.5

  • Bittorrent 4.1.6

  • Bittorrent 4.1.7

  • Bittorrent 4.1.8

  • Bittorrent 4.2.0

  • Bittorrent 4.2.1

  • Bittorrent 4.2.2

  • Bittorrent 4.20.0

  • Bittorrent 4.20.1

  • Bittorrent 4.20.2

  • Bittorrent 4.20.3

  • Bittorrent 4.20.4

  • Bittorrent 4.20.6

  • Bittorrent 4.20.7

  • Bittorrent 4.20.8

  • Bittorrent 4.20.9

  • Bittorrent 4.22.0

  • Bittorrent 4.22.1

  • Bittorrent 4.22.4

  • Bittorrent 4.24.0

  • Bittorrent 4.24.2

  • Bittorrent 4.26.0

  • Bittorrent 4.27.1

  • Bittorrent 4.27.2

  • Bittorrent 4.3.0

  • Bittorrent 4.3.1

  • Bittorrent 4.3.2

  • Bittorrent 4.3.3

  • Bittorrent 4.3.4

  • Bittorrent 4.3.5

  • Bittorrent 4.3.6

  • Bittorrent 4.4.0

  • Bittorrent 4.4.1

  • Bittorrent 4.9.2

  • Bittorrent 4.9.3

  • Bittorrent 4.9.4

  • Bittorrent 4.9.5

  • Bittorrent 4.9.6

  • Bittorrent 4.9.7

  • Bittorrent 4.9.8

  • Bittorrent 4.9.9

  • Bittorrent 5.0.0

  • Bittorrent 5.0.1

  • Bittorrent 5.0.2

  • Bittorrent 5.0.3

  • Bittorrent 5.0.4

  • Bittorrent 5.0.5

  • Bittorrent 5.0.6

  • Bittorrent 5.0.7

  • Bittorrent 5.0.8

  • Bittorrent 5.0.9

  • Bittorrent 5.2.0

  • Bittorrent 6.0

  • Bittorrent 6.0.1

  • Bittorrent 6.0.2

  • Bittorrent 6.0.3

  • Utorrent 1.1.1

  • Utorrent 1.1.3

  • Utorrent 1.1.4

  • Utorrent 1.1.5

  • Utorrent 1.1.6

  • Utorrent 1.1.7

  • Utorrent 1.2

  • Utorrent 1.2.1

  • Utorrent 1.2.2

  • Utorrent 1.3

  • Utorrent 1.4

  • Utorrent 1.4.2

  • Utorrent 1.5

  • Utorrent 1.6

  • Utorrent 1.7

  • Utorrent 1.7.1

  • Utorrent 1.7.2

  • Utorrent 1.7.3

  • Utorrent 1.7.4

  • Utorrent 1.7.5

  • Utorrent 1.7.6

  • Utorrent 1.7.7


References

XF - bittorrent-utorrent-createdby-bo(44404)

VUPEN - ADV-2008-2341

VUPEN - ADV-2008-2340

SECTRACK - 1020664

BID - 30653

SECUNIA - 31445

SECUNIA - 31441

MLIST - [dailydave] 20080811 A new datapoint for 0day lifetime

MISC - http://lists.immunitysec.com/pipermail/dailydave/attachments/20080811/35d6194b/attachment-0001.pdf

CONFIRM - http://forum.utorrent.com/viewtopic.php?id=44003


Last Updated: 27 May 2016 10:48:30