ID CVE-2010-3133
Summary Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
References
Vulnerable Configurations
  • Wireshark 1.0.12
    cpe:2.3:a:wireshark:wireshark:1.0.12
  • Wireshark 1.0.11
    cpe:2.3:a:wireshark:wireshark:1.0.11
  • Wireshark 1.2.7
    cpe:2.3:a:wireshark:wireshark:1.2.7
  • Wireshark 1.0.1
    cpe:2.3:a:wireshark:wireshark:1.0.1
  • Wireshark 1.2.6
    cpe:2.3:a:wireshark:wireshark:1.2.6
  • Wireshark 0.99.6
    cpe:2.3:a:wireshark:wireshark:0.99.6
  • Wireshark 0.99.7
    cpe:2.3:a:wireshark:wireshark:0.99.7
  • Wireshark 1.0.5
    cpe:2.3:a:wireshark:wireshark:1.0.5
  • Wireshark 1.0.7
    cpe:2.3:a:wireshark:wireshark:1.0.7
  • Wireshark 0.99.8
    cpe:2.3:a:wireshark:wireshark:0.99.8
  • Wireshark 1.0.9
    cpe:2.3:a:wireshark:wireshark:1.0.9
  • Wireshark 1.0.10
    cpe:2.3:a:wireshark:wireshark:1.0.10
  • Wireshark 1.2.5
    cpe:2.3:a:wireshark:wireshark:1.2.5
  • Wireshark 1.0.2
    cpe:2.3:a:wireshark:wireshark:1.0.2
  • Wireshark 1.2.1
    cpe:2.3:a:wireshark:wireshark:1.2.1
  • Wireshark 1.0.3
    cpe:2.3:a:wireshark:wireshark:1.0.3
  • Wireshark 1.0.6
    cpe:2.3:a:wireshark:wireshark:1.0.6
  • Wireshark 1.0.4
    cpe:2.3:a:wireshark:wireshark:1.0.4
  • Wireshark 0.99.5
    cpe:2.3:a:wireshark:wireshark:0.99.5
  • Wireshark 0.99.4
    cpe:2.3:a:wireshark:wireshark:0.99.4
  • Wireshark 0.99.3
    cpe:2.3:a:wireshark:wireshark:0.99.3
  • Wireshark 1.0.8
    cpe:2.3:a:wireshark:wireshark:1.0.8
  • Wireshark 1.2.3
    cpe:2.3:a:wireshark:wireshark:1.2.3
  • Wireshark 1.2.0
    cpe:2.3:a:wireshark:wireshark:1.2.0
  • Wireshark 1.2.4
    cpe:2.3:a:wireshark:wireshark:1.2.4
  • Wireshark 1.2.2
    cpe:2.3:a:wireshark:wireshark:1.2.2
  • Wireshark 0.99.2
    cpe:2.3:a:wireshark:wireshark:0.99.2
  • Wireshark 1.0.0
    cpe:2.3:a:wireshark:wireshark:1.0.0
  • Wireshark 1.2.9
    cpe:2.3:a:wireshark:wireshark:1.2.9
  • Wireshark 1.2.8
    cpe:2.3:a:wireshark:wireshark:1.2.8
  • Wireshark 1.2.10
    cpe:2.3:a:wireshark:wireshark:1.2.10
CVSS
Base: 9.3 (as of 27-08-2010 - 09:12)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
exploit-db via4
description Wireshark <= 1.2.10 DLL Hijacking Exploit (airpcap.dll). CVE-2010-3133. Local exploit for windows platform
file exploits/windows/local/14721.c
id EDB-ID:14721
last seen 2016-02-01
modified 2010-08-24
platform windows
port
published 2010-08-24
reporter TheLeader
source https://www.exploit-db.com/download/14721/
title Wireshark <= 1.2.10 DLL Hijacking Exploit airpcap.dll
type local
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201110-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201110-02 (Wireshark: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Wireshark. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could send specially crafted packets on a network being monitored by Wireshark, entice a user to open a malformed packet trace file using Wireshark, or deploy a specially crafted Lua script for use by Wireshark, possibly resulting in the execution of arbitrary code, or a Denial of Service condition. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 56426
    published 2011-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56426
    title GLSA-201110-02 : Wireshark: Multiple vulnerabilities
  • NASL family Windows
    NASL id WIRESHARK_1_2_11.NASL
    description The installed version of Wireshark or Ethereal is 1.2.0 - 1.2.10 or 0.8.4 - 1.0.15. Such versions are affected by the following vulnerability: The application uses a fixed path to look for specific files or libraries, such as for 'airpcap.dll', and this path includes directories that may not be trusted or under user control. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded. (Bug 5133)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 48943
    published 2010-08-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48943
    title Wireshark / Ethereal < 1.2.11 / 1.0.16 Path Subversion Arbitrary DLL Injection Code Execution
oval via4
accepted 2013-08-19T04:00:06.415-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
family windows
id oval:org.mitre.oval:def:11498
status accepted
submitted 2010-09-09T12:48:29
title Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10
version 15
refmap via4
confirm
exploit-db 14721
secunia 41064
vupen
  • ADV-2010-2165
  • ADV-2010-2243
Last major update 19-07-2011 - 00:00
Published 26-08-2010 - 14:36
Last modified 18-09-2017 - 21:31