AOH :: HP Unsorted B :: BX2940.HTM

BadBlue uninst.exe DoS

DDIVRT-2008-11 BadBlue uninst.exe DoS
DDIVRT-2008-11 BadBlue uninst.exe DoS

DDIVRT-2008-11 BadBlue uninst.exe DoS


Date Discovered
March 5th 2008

Discovered By
Digital Defense, Inc. Vulnerability Research Team
Credit: Steven James and r@b13$

Vulnerability Description
BadBlue is a web server used for peer-to-peer file sharing. By default, several executable files are stored in the web root: badblue.exe, uninst.exe, and dyndns.exe. Executable files stored in the web root of BadBlue can be launched remotely by any user. This can be leveraged to create a DoS condition by repeatedly invoking the uninst.exe executable. Due to the fact that BadBlue has not released a patch for the previously documented directory traversal vulnerability (CVE 2007-6378), an attacker may utilize these two flaws in conjunction to place a malicious executable in the web root and compromise a vulnerable server.

Solution Description
Restrict access to the executables already in the web root (badblue.exe, uninst.exe, and dyndns.exe) and take steps to ensure that users cannot write files to the web root.

Tested Systems / Software (with versions)
BadBlue Personal Edition version 2.72 has been tested on Windows XP and Windows Server 2003.  Other versions and systems are assumed to be vulnerable.

Vendor Contact
Vendor Name: BadBlue
Vendor Website: 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH
We do not send spam. If you have received spam bearing an email address, please forward it with full headers to