Wireshark-bugs: [Wireshark-bugs] [Bug 12724] New: Dll Hijacking Wireshark Portable; SHFOLDER.DLL

Date: Mon, 08 Aug 2016 19:01:08 +0000
Bug ID 12724
Summary Dll Hijacking Wireshark Portable; SHFOLDER.DLL
Product Wireshark
Version 2.0.5
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Build process
Assignee [email protected]
Reporter [email protected]

Created attachment 14796 [details]
SHFOLDER without absolute path

Build Information:
Version 2.0.5 (v2.0.5-0-ga3be9c6 from master-2.0)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.38.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with locale
Portuguese_Brazil.1252, with WinPcap version 4.1.3 (packet.dll version
4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with
GnuTLS 3.2.15, with Gcrypt 1.6.2, with AirPcap 4.1.0 build 1622.
Intel(R) Core(TM) i7-4500U CPU @ 1.80GHz (with SSE4.2), with 1023MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I found out that wireshark portable (v2.0.5) loads a DLL (SHFOLDER) without
supplying the absolute path, thus vulnerable to DLL Hijack. It may be possible
for an attacker to place an arbitrary DLL in specific paths in order to execute
malicious code in the context of the wireshark process.


You are receiving this mail because:
  • You are watching all bug changes.