Vigil@nce - Wireshark on Windows: arbitrary file removal
February 2017 by Vigil@nce
This bulletin was written by Vigil@nce: https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can configure WinSparkle in Wireshark for Windows, in order to delete arbitrary folders.
Impacted products: Wireshark.
Creation date: 15/12/2016.
DESCRIPTION OF THE VULNERABILITY
Wireshark for Windows includes WinSparkle.
WinSparkle deletes the folder named in the registry value HKCU\Software\Wireshark\WinSparkle Settings\UpdateTempDir. However, the user who defines this value may not be allowed to remove this folder. If Wireshark is run with extended privileges, it will delete files that are normally protected.
An attacker can therefore configure WinSparkle in Wireshark for Windows, in order to delete arbitrary folders.
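A defender-side check for the condition described above, as an added example that is not part of the original bulletin or of the Wireshark or WinSparkle code: it reads the registry value for the current user and flags a target outside that user's temporary directory. Treating the temporary directory as the expected location is an assumption, and `Test-StrictlyUnder` is a hypothetical helper name.

```powershell
# Added audit example (not from the bulletin). Run as the account that launches Wireshark.
$key  = 'HKCU:\Software\Wireshark\WinSparkle Settings'   # key named in the bulletin
$name = 'UpdateTempDir'                                   # value named in the bulletin

# Hypothetical helper: true only if $Path resolves to a location strictly below $Base.
function Test-StrictlyUnder {
    param([string]$Path, [string]$Base)
    try {
        # GetFullPath collapses "..\" segments, so the comparison uses the real target.
        $full = [System.IO.Path]::GetFullPath($Path).TrimEnd('\') + '\'
        $root = [System.IO.Path]::GetFullPath($Base).TrimEnd('\') + '\'
    } catch {
        return $false   # malformed path: treat as unexpected
    }
    return ($full.Length -gt $root.Length) -and
           $full.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)
}

# Is this session running with administrator rights?
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if (-not $prop) {
    $status = 'NotSet'
    $target = $null
} else {
    $target = [string]$prop.$name
    # Assumption: a legitimate value points below the user's own temp directory.
    if (Test-StrictlyUnder -Path $target -Base ([System.IO.Path]::GetTempPath())) {
        $status = 'ExpectedLocation'
    } else {
        $status = 'Review'   # value names a folder outside the temp directory
    }
}

# One result object per run, suitable for collection across hosts.
[pscustomobject]@{
    User          = $identity.Name
    Elevated      = $elevated
    UpdateTempDir = $target
    Status        = $status
}
```

A `Review` status in a session where `Elevated` is true is the combination the bulletin describes.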