Wireshark Lua Script File Arbitrary Code Execution Vulnerability (Windows) Network Vulnerability

Summary

This host is installed with Wireshark and is prone to code execution vulnerability.

Impact

Successful exploitation will allow the attacker to execute arbitrary Lua script in the context of the affected application. Impact Level: System/Application

Solution

Upgrade to the Wireshark version 1.4.9, 1.6.2 or later, For updates refer to http://www.wireshark.org/download

Insight

The flaw is due to an unspecified error related to Lua scripts, which allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.

Affected

Wireshark versions 1.4.x before 1.4.9 and 1.6.x before 1.6.2.

References

http://osvdb.org/75347
http://www.wireshark.org/security/wnpa-sec-2011-15.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6136

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3360
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Mac OS X)
Adobe AIR Code Execution and DoS Vulnerabilities Nov13 (Windows)
Adobe Captivate Insecure Library Loading Vulnerability
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows

Take action and discover your vulnerabilities