CVE-2008-4434

Sažetak

Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.

Reference

http://forum.utorrent.com/viewtopic.php?id=44003
http://lists.immunitysec.com/pipermail/dailydave/attachments/20080811/35d6194b/attachment-0001.pdf
http://seclists.org/dailydave/2008/q3/0155.html
http://secunia.com/advisories/31441
http://secunia.com/advisories/31445
http://www.securityfocus.com/bid/30653
http://www.securitytracker.com/id?1020664
http://www.vupen.com/english/advisories/2008/2340
http://www.vupen.com/english/advisories/2008/2341
https://exchange.xforce.ibmcloud.com/vulnerabilities/44404

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-08-2017 - 01:32

Objavljeno

03-10-2008 - 22:22