wnpa-sec-2010-09 · DLL hijacking vulnerability in Wireshark
Summary
Name: DLL hijacking vulnerability in Wireshark
Docid: wnpa-sec-2010-09
Date: August 30, 2010
Affected versions: 0.8.4 up to and including 1.0.15
Fixed versions: 1.0.16
Details
Description
Wireshark 1.0.16 fixes the following vulnerability:
-
Wireshark is vulnerable to DLL hijacking as described in
Microsoft
Security Advisory 2269637. This problem is fully fixed on
Windows XP SP1 and later. It is partially fixed on Windows 2000 and
XP without service packs. We expect to address those platforms in
future releases. If you are running Wireshark on Windows 2000 or XP
we recommend that you only open capture files within Wireshark.
(Bug
5133)
Versions affected: 0.8.4 to 1.0.15, 1.2.0 to 1.2.10 CVE-2010-3133
Impact
It may be possible to make Wireshark to run hostile code by placing a specially-coded DLL in the same directory as a capture file.
Resolution
Upgrade to Wireshark 1.0.16 or later.