Wireshark DECT Dissector PCAP File Processing Overflow

Added: 10/11/2011
CVE: CVE-2011-1591
BID: 47392
OSVDB: 71848

Background

Wireshark is a network packet analyzer.

Problem

A buffer overflow vulnerability in the DECT dissector (epan/dissectors/packet-dect.c) allows command execution via a specially crafted .pcap file.

Resolution

Upgrade to Wireshark 1.4.5 or higher.

References

http://www.wireshark.org/security/wnpa-sec-2011-06.html

Limitations

Exploit works on Wireshark 1.4.4.

The user must open the exploit file in the affected application.

The "Wireshark DECT Dissector Remote Stack Buffer Overflow" remote exploit attempts to exploit the same vulnerability. The remote exploit has additional network and PERL module limitations, but does not require user cooperation.

Platforms

Windows

Back to exploit index