Wireshark Lua Untrusted Search Path vulnerability
Added: 11/25/2011CVE: CVE-2011-3360
BID: 49528
OSVDB: 75347
Background
Wireshark is a network packet analyzer.Problem
A vulnerability in Wireshark allows execution of arbitrary Lua scripts placed in untrusted directories which are included in Wireshark's search path.Resolution
Upgrade to Wireshark 1.4.9 or 1.6.2 or higher.References
http://www.wireshark.org/security/wnpa-sec-2011-15.htmlLimitations
Exploit works on Wireshark 1.6.0 and requires a user to open the PCAP file on the specified network share.The smbclient program must be available on the SAINTexploit host.
Platforms
WindowsBack to exploit index