Summary
Wireshark is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation lets an attacker cause a denial of service in the application by crafting malicious packets.
Solution
Upgrade to the latest version, 1.0.6:
http://www.wireshark.org/download.html
Insight
The flaws are due to:
- a boundary error in the processing of NetScreen Snoop capture files.
- a format string vulnerability in Wireshark, triggered through format string specifiers in the HOME environment variable.
- improper handling of Tektronix K12 text capture files, as demonstrated by a file with exactly one frame.
Affected
Wireshark for Windows version 1.0.5 and prior.
References
Severity
Classification
- CVE: CVE-2009-0599, CVE-2009-0600, CVE-2009-0601
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)