CVE-2010-3129 Information

Description

Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users and possibly remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll userenv.dll shfolder.dll dnsapi.dll dwmapi.dll iphlpapi.dll dhcpcsvc.dll dhcpcsvc6.dll or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.

Reference

http://secunia.com/advisories/41051 http://www.exploit-db.com/exploits/14726 http://www.exploit-db.com/exploits/14748 http://www.vupen.com/english/advisories/2010/2164 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A6887