#VU43165 Input validation error in uTorrent - CVE-2009-5134


Updated: 2020-08-11

Vulnerability identifier: #VU43165

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2009-5134

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
uTorrent
Client/Desktop applications / Other client software

Vendor: utorrent.com

Description

The vulnerability allows user-assisted remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

uTorrent: 1.8.3


External links
https://forum.utorrent.com/viewtopic.php?id=58768
https://www.exploit-db.com/exploits/9539
https://exchange.xforce.ibmcloud.com/vulnerabilities/52907


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.

