Vulnerability Details CVE-2010-3133
Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.4%
CVSS Severity
CVSS v2 Score 9.3
References
- http://secunia.com/advisories/41064
- http://www.exploit-db.com/exploits/14721/
- http://www.vupen.com/english/advisories/2010/2165
- http://www.vupen.com/english/advisories/2010/2243
- http://www.wireshark.org/security/wnpa-sec-2010-09.html
- http://www.wireshark.org/security/wnpa-sec-2010-10.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498
- http://secunia.com/advisories/41064
- http://www.exploit-db.com/exploits/14721/
- http://www.vupen.com/english/advisories/2010/2165
- http://www.vupen.com/english/advisories/2010/2243
- http://www.wireshark.org/security/wnpa-sec-2010-09.html
- http://www.wireshark.org/security/wnpa-sec-2010-10.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498
Products affected by CVE-2010-3133
-
cpe:2.3:a:wireshark:wireshark:0.10.1
-
cpe:2.3:a:wireshark:wireshark:0.99.2
-
cpe:2.3:a:wireshark:wireshark:0.99.3
-
cpe:2.3:a:wireshark:wireshark:0.99.4
-
cpe:2.3:a:wireshark:wireshark:0.99.5
-
cpe:2.3:a:wireshark:wireshark:0.99.6
-
cpe:2.3:a:wireshark:wireshark:0.99.7
-
cpe:2.3:a:wireshark:wireshark:0.99.8
-
cpe:2.3:a:wireshark:wireshark:1.0.0
-
cpe:2.3:a:wireshark:wireshark:1.0.1
-
cpe:2.3:a:wireshark:wireshark:1.0.10
-
cpe:2.3:a:wireshark:wireshark:1.0.11
-
cpe:2.3:a:wireshark:wireshark:1.0.12
-
cpe:2.3:a:wireshark:wireshark:1.0.13
-
cpe:2.3:a:wireshark:wireshark:1.0.14
-
cpe:2.3:a:wireshark:wireshark:1.0.15
-
cpe:2.3:a:wireshark:wireshark:1.0.16
-
cpe:2.3:a:wireshark:wireshark:1.0.2
-
cpe:2.3:a:wireshark:wireshark:1.0.3
-
cpe:2.3:a:wireshark:wireshark:1.0.4
-
cpe:2.3:a:wireshark:wireshark:1.0.5
-
cpe:2.3:a:wireshark:wireshark:1.0.6
-
cpe:2.3:a:wireshark:wireshark:1.0.7
-
cpe:2.3:a:wireshark:wireshark:1.0.8
-
cpe:2.3:a:wireshark:wireshark:1.0.9
-
cpe:2.3:a:wireshark:wireshark:1.2.0
-
cpe:2.3:a:wireshark:wireshark:1.2.1
-
cpe:2.3:a:wireshark:wireshark:1.2.10
-
cpe:2.3:a:wireshark:wireshark:1.2.2
-
cpe:2.3:a:wireshark:wireshark:1.2.3
-
cpe:2.3:a:wireshark:wireshark:1.2.4
-
cpe:2.3:a:wireshark:wireshark:1.2.5
-
cpe:2.3:a:wireshark:wireshark:1.2.6
-
cpe:2.3:a:wireshark:wireshark:1.2.7
-
cpe:2.3:a:wireshark:wireshark:1.2.8
-
cpe:2.3:a:wireshark:wireshark:1.2.9