SB2018022106 - Multiple vulnerabilities in uTorrent
Published: February 21, 2018
Security Bulletin ID: SB2018022106
Severity: Low
Patch available: NO
Number of vulnerabilities: 2
Exploitation vector: Remote access
Highest impact: Information disclosure
Description
This security bulletin contains information about 2 security vulnerabilities.
1) Security restrictions bypass (CVE-ID: N/A)
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The weakness can be exploited through a DNS rebinding attack. A remote attacker can host JavaScript code on a website to create a bridge to the local network, bypass the same-origin policy (SOP), change the download directory to the Startup folder in Windows and download an executable file to any writable location, which would run on every startup.
2) Information disclosure (CVE-ID: N/A)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. The weakness exists due to improper access and privilege controls. A remote attacker can bypass ASLR and GS exploit mitigations and obtain the targeted user's download history.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
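
For developers of services that listen on the loopback interface, the usual server-side defense against the DNS rebinding scenario in item 1 is to validate the `Host` header, since a rebound request still carries the attacker's domain name there. The following is an added example, not uTorrent's code and not a vendor fix; the port, handler name and allowlist are hypothetical.

```python
"""Reject DNS-rebound requests on a loopback-only HTTP service (constructed example)."""
from http.server import BaseHTTPRequestHandler, HTTPServer

PORT = 8099  # hypothetical port for this example
ALLOWED_HOSTNAMES = {"localhost", "127.0.0.1", "[::1]"}


def host_is_allowed(host_header, port=PORT):
    """Return True only if the Host header names this loopback service.

    After rebinding, the browser still sends the attacker's domain in Host,
    even though the TCP connection now terminates on 127.0.0.1.
    """
    if not host_header:
        return False  # missing header: refuse rather than guess
    host = host_header.strip().lower()
    # Split an optional ":port" suffix, leaving bracketed IPv6 literals intact.
    if host.startswith("["):
        name, sep, rest = host.partition("]")
        name += sep
        if rest and not rest.startswith(":"):
            return False
        port_part = rest[1:]
    else:
        name, _, port_part = host.partition(":")
    if port_part and port_part != str(port):
        return False
    # Exact match only: "localhost.evil.example" must not pass.
    return name.rstrip(".") in ALLOWED_HOSTNAMES


class RpcHandler(BaseHTTPRequestHandler):
    """Hypothetical local RPC endpoint that enforces the Host check first."""

    def do_GET(self):
        if not host_is_allowed(self.headers.get("Host")):
            self.send_error(403, "Host header not allowed")
            return
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Bind to loopback only; the Host check covers browser-borne requests.
    HTTPServer(("127.0.0.1", PORT), RpcHandler).serve_forever()
```

The Host check addresses rebinding only; state-changing endpoints such as a download-directory setting still need per-session authentication.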