CVE-2008-0364

BitTorrent < 6.0 and uTorrent < 1.7.5 - Buffer Overflow via Long Unicode Client Version String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0364. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary This is a vulnerability writeup describing a remote code execution flaw in BitTorrent and uTorrent due to inadequate boundary checks on user-supplied data. The issue affects versions BitTorrent 6.0, uTorrent 1.7.5, and uTorrent 1.8-alpha-7834, with potential impacts including arbitrary code execution or denial of service.

Description

Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textremotewindows

https://www.exploit-db.com/exploits/31032

View Code ZIP pw:eip

This is a vulnerability writeup describing a remote code execution flaw in BitTorrent and uTorrent due to inadequate boundary checks on user-supplied data. The issue affects versions BitTorrent 6.0, uTorrent 1.7.5, and uTorrent 1.8-alpha-7834, with potential impacts including arbitrary code execution or denial of service.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: BitTorrent 6.0, uTorrent 1.7.5, uTorrent 1.8-alpha-7834

No auth needed

Prerequisites: Network access to the target application · Ability to send crafted input to the vulnerable application

MITRE ATT&CK