Wireshark-bugs: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 27 Aug 2010 13:01:50 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133

--- Comment #22 from Gerald Combs <gerald@xxxxxxxxxxxxx> 2010-08-27 13:01:47 PDT ---
(In reply to comment #21)
> (In reply to comment #19)
> > Is the "Read & Execute" permission enabled on the DLL?
> Interesting.  The properties dialog indicated, "This file came from another
> computer and might be blocked to help protect this computer."  There was an
> "Unblock" button, but clicking it didn't make any difference.
> 
> Before clicking it, the Permissions had the following selected under "Allow":
> Full Control, Modify, Read & Execute, Read, and Write.  In fact, only "Special
> Permissions" was not selected.  After clicking "Unblock", I didn't notice
> anything different as far as permissions goes.  The only thing that happened on
> the dialog was that the previous message and button was now grayed-out. 
> Clicking OK on the dialog and then bringing it up again no longer even displays
> the grayed-out stuff.  Hmm?
> 
> Advanced security settings had "Inherit from parent ..." checked and all
> permission entries list "Full Control" for the Permission.  Removing "Inherited
> from" and then changing the permissions to match the real airpcap.dll changed
> the Permission indication from "Full Control" to "Read & Execute", but not
> surprisingly, it also had no affect.

I forgot the obvious -- AirPcap isn't installed on my test system.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.