Wireshark-bugs: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking
Date: Fri, 27 Aug 2010 11:25:55 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133

--- Comment #20 from Gerald Combs <gerald@xxxxxxxxxxxxx> 2010-08-27 11:25:54 PDT ---
(In reply to comment #18)
> (In reply to comment #17)
> > While SetDllDirectory is recommended over SetCurrentDirectory, since
> > SetDllDirectory isn't available, maybe calling something like
> > SetCurrentDirectory("C:\Program Files\Wireshark\") would help when
> > double-clicking a capture file to launch wireshark.exe on Windows < XP SP1?
> 
> That works for my test case on Windows 2000. A fix has been checked in for 1.0
> (r33953). I'll start porting it over to the 1.2, 1.4, and the trunk.

Never mind. You can still trigger the bug on 1.0 via Capture→Options. 

The problem should be fixed completely for Windows XP SP1 and later. Otherwise
a vulnerability exists if ALL of the following are true:

  - You are running Windows 2000 or XP-sans-SP, or if SetDllDirectory
    fails for some reason.
  - You start Wireshark by opening a file in a directory which contains
    a hostile DLL.
  - You cause one of Wireshark's underlying libraries to call LoadLibrary
    or g_module_open with a relative path. This happens with WinPcap 4.1.2
    when you open Capture→Options in 1.0 or at startup in 1.2 or 1.4.

Gianluca is working on a fix for WinPcap but it probably won't be available
until late next week at the earliest. I'm planning on releasing 1.4.0, 1.2.11,
and 1.0.16 Monday or Tuesday (the 30th or 31st) with another release after
WinPcap is updated.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.