CVE-2010-3133

Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
wiresharkwireshark
𝑥
≤ 1.2.10
wiresharkwireshark
0.99.2
wiresharkwireshark
0.99.3
wiresharkwireshark
0.99.4
wiresharkwireshark
0.99.5
wiresharkwireshark
0.99.6
wiresharkwireshark
0.99.7
wiresharkwireshark
0.99.8
wiresharkwireshark
1.0.0
wiresharkwireshark
1.0.1
wiresharkwireshark
1.0.2
wiresharkwireshark
1.0.3
wiresharkwireshark
1.0.4
wiresharkwireshark
1.0.5
wiresharkwireshark
1.0.6
wiresharkwireshark
1.0.7
wiresharkwireshark
1.0.8
wiresharkwireshark
1.0.9
wiresharkwireshark
1.0.10
wiresharkwireshark
1.0.11
wiresharkwireshark
1.0.12
wiresharkwireshark
1.2.0
wiresharkwireshark
1.2.1
wiresharkwireshark
1.2.2
wiresharkwireshark
1.2.3
wiresharkwireshark
1.2.4
wiresharkwireshark
1.2.5
wiresharkwireshark
1.2.6
wiresharkwireshark
1.2.7
wiresharkwireshark
1.2.8
wiresharkwireshark
1.2.9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
dne
References
http://secunia.com/advisories/41064
http://www.exploit-db.com/exploits/14721/
http://www.vupen.com/english/advisories/2010/2165
http://www.vupen.com/english/advisories/2010/2243
http://www.wireshark.org/security/wnpa-sec-2010-09.html
http://www.wireshark.org/security/wnpa-sec-2010-10.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498
http://secunia.com/advisories/41064
http://www.exploit-db.com/exploits/14721/
http://www.vupen.com/english/advisories/2010/2165
http://www.vupen.com/english/advisories/2010/2243
http://www.wireshark.org/security/wnpa-sec-2010-09.html
http://www.wireshark.org/security/wnpa-sec-2010-10.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11498