Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking

Wireshark-bugs: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking

Date: Wed, 25 Aug 2010 13:55:00 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133

--- Comment #5 from Gerald Combs <gerald@xxxxxxxxxxxxx> 2010-08-25 13:54:54 PDT ---
Fixes have been checked in in revisions 33916, 33917, and 33924. 33916 and
33917 add SetDllDirectory calls to Wireshark and dumpcap. 33924 adds "safe"
wrappers for LoadLibrary and g_module_open.

With the call to SetDllDirectory in place wireshark.exe and dumpcap.exe still
try to load airpcap.dll, wpcap.dll, packet.dll, and npf.sys from the CWD. With
both fixes in place those DLLs aren't loaded from the CWD. However, Process
Monitor still shows attempts to load SortServer2003Compat.dll. 

I can't find any information on this DLL. If there is a problem here I'm
assuming that it's something Microsoft will have to fix.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

References:
- [Wireshark-bugs] [Bug 5133] New: Wireshark vulnerable to DLL hijacking
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 4655] ChmodBPF "Insecure Startup Item disabled"
Next by Date: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking
Previous by thread: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking
Next by thread: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking
Index(es):
- Date
- Thread