CVE-2010-3133

high

Description

Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498

http://www.wireshark.org/security/wnpa-sec-2010-10.html

http://www.wireshark.org/security/wnpa-sec-2010-09.html

http://www.vupen.com/english/advisories/2010/2243

http://www.vupen.com/english/advisories/2010/2165

http://secunia.com/advisories/41064

Details

Source: Mitre, NVD

Published: 2010-08-26

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High