VID | 28282
Severity | 40
Port | 139,445
Protocol | TCP
Class | SMB
Detailed Description |
A version of Wireshark older than 1.2.11/1.0.16 is installed on the host. Wireshark is a free packet analyzer. The installed version of Wireshark or Ethereal is vulnerable to a DLL injection code execution vulnerability.
- The application uses a fixed path to look for specific files or libraries, such as for 'airpcap.dll', and this path includes directories that may not be trusted or under user control. If a malicious DLL with the same name as a required DLL is located in the application's current working directory, the malicious DLL will be loaded. (Bug 5133)
* Note: This check requires an account with administrative privileges that can log into the host being scanned. Without such an account, the check is not performed, producing a false negative for all vulnerable hosts.
* References:
  - http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
  - http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
  - http://blog.rapid7.com/?p=5325
  - https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133
  - http://www.wireshark.org/security/wnpa-sec-2010-09.html
  - http://www.wireshark.org/security/wnpa-sec-2010-10.html
* Platforms Affected: Wireshark versions prior to 1.2.11 / 1.0.16; Microsoft Windows, any version
Recommendation |
Upgrade to the latest version of Wireshark (1.2.11/1.0.16 or later), available from the Wireshark.org website at http://www.wireshark.org/download.html
Related URL | CVE-2010-3133 (CVE)
Related URL | 42630 (SecurityFocus)
Related URL | (ISS)