Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Summary

Name: DLL hijacking vulnerability in Wireshark® version 0.8.4 to 1.0.15

Docid: wnpa-sec-2010-09

Date: August 30, 2010

Versions affected: 0.8.4 up to and including 1.0.15

Related: wnpa-sec-2010-10 (DLL hijacking vulnerability in Wireshark® version 1.2.0 to 1.2.10)

Details

Description

Wireshark 1.0.16 fixes the following vulnerability:

  • Wireshark is vulnerable to DLL hijacking as described in Microsoft Security Advisory 2269637. This problem is fully fixed on Windows XP SP1 and later. It is partially fixed on Windows 2000 and XP without service packs. We expect to address those platforms in future releases. If you are running Wireshark on Windows 2000 or XP we recommend that you only open capture files within Wireshark. (Bug 5133)
    Versions affected: 0.8.4 to 1.0.15, 1.2.0 to 1.2.10 CVE-2010-3133

Impact

It may be possible to make Wireshark to run hostile code by placing a specially-coded DLL in the same directory as a capture file.

Resolution

Upgrade to Wireshark 1.0.16 or later.

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation