ID CVE-2010-3133
Summary Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'
References
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:0.99.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.12:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.7:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.13:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.14:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.14:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.15:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.15:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.0.16:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.0.16:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:1.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:wireshark:wireshark:1.2.10:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2013-08-19T04:00:06.415-04:00
class vulnerability
contributors
  • name SecPod Team
    organization SecPod Technologies
  • name Preeti Subramanian
    organization SecPod Technologies
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
  • name Shane Shaffer
    organization G2, Inc.
definition_extensions
comment Wireshark is installed on the system.
oval oval:org.mitre.oval:def:6589
description Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
family windows
id oval:org.mitre.oval:def:11498
status accepted
submitted 2010-09-09T12:48:29
title Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10
version 15
refmap via4
confirm
exploit-db 14721
secunia 41064
vupen
  • ADV-2010-2165
  • ADV-2010-2243
Last major update 19-09-2017 - 01:31
Published 26-08-2010 - 18:36
Back to Top