Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3133 — Wireshark vulnerability

5 documents5 sources

Severity

9.3CRITICALNVD

EPSS

0.4%

top 36.76%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Wireshark Debian Wireshark

Timeline

PublishedAug 26

Latest updateMay 17

Description

Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 through 1.2.10 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse airpcap.dll, and possibly other DLLs, that is located in the same folder as a file that automatically launches Wireshark.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDwireshark/wireshark1.2.10+30

▶debiandebian/wireshark

🔴Vulnerability Details

GHSA

GHSA-4vf6-2fhm-2c5g: Untrusted search path vulnerability in Wireshark 0↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

Wireshark 1.2.10 - 'airpcap.dll' DLL Hijacking↗2010-08-24

▶

📋Vendor Advisories

Debian

CVE-2010-3133: wireshark - Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 and 1.2.0 ...↗2010

▶

💬Community

Bugzilla

CVE-2010-4480 phpMyAdmin: XSS vulnerability via crafted BBCode tag in error.php↗2010-12-08

▶