wnpa-sec-2016-01 · DLL hijacking vulnerability in Wireshark


Name: DLL hijacking vulnerability in Wireshark

Docid: wnpa-sec-2016-01

Date: February 26, 2016

Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9

Fixed versions: 2.0.2, 1.12.10




Wireshark is vulnerable to DLL hijacking as described in Microsoft Security Advisory 2269637. Discovered by Behzad Najjarpour Jabbari, Secunia Research at Flexera Software.


It may be possible to make Wireshark to run hostile code by placing a specially-coded DLL in the same directory as a capture file.


Upgrade to Wireshark 2.0.2, 1.12.10 or later.

Go Beyond with Riverbed Technology

Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.

I have a lot of traffic...

ANSWER: SteelCentral™ AppResponse 11
  • • Full stack analysis – from packets to pages
  • • Rich performance metrics & pre-defined insights for fast problem identification/resolution
  • • Modular, flexible solution for deeply-analyzing network & application performance
Learn More