Out-of-Band XXE in SSDP Processing of Vuze BitTorrent Client

Discovered by Chris Moberly on behalf of The Missing Link Security

Vulnerability Details

The XML parsing engine for various media server applications is vulnerable to an XML External Entity
Processing (XXE) attack. Unauthenticated attackers on the same LAN can use this vulnerability to:

- Access arbitrary files from the filesystem with the same permissions as the user account running UMS.
- Initiate SMB connections to capture the NetNTLM challenge/response and crack it to recover the clear-text password.
- Initiate SMB connections to relay NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.

Affected Versions

Current versions of Vuze (product remains unpatched)

