Added: 02/17/2010
CVE: CVE-2010-0304
BID: 37985
OSVDB: 61987
Wireshark is a network packet analyzer.
A buffer overflow vulnerability in the LWRES dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark.
Upgrade to Wireshark 1.2.6 or higher.
<http://www.wireshark.org/security/wnpa-sec-2010-02.html>
Exploit works on Wireshark 1.0.3. Wireshark must be configured to capture and analyze the malicious traffic in order for the exploit to succeed.
Windows XP