wnpa-sec-2011-15 · Wireshark Lua script execution vulnerability
Summary
Name: Wireshark Lua script execution vulnerability
Docid: wnpa-sec-2011-15
Date: September 7, 2011
Affected versions: 1.6.0 to 1.6.1, 1.4.0 to 1.4.8
Fixed versions: 1.6.2, 1.4.9
References:
Details
Description
Wireshark could run arbitrary Lua scripts.
Impact
It may be possible to make Wireshark run arbitrary code using a method similar to DLL hijacking.
Resolution
Upgrade to Wireshark 1.6.2, 1.4.9 or later.