Secunia Research: Wireshark Insecure Library Loading Vulnerability

======================================================================

                    Secunia Research 15/03/2016

          Wireshark Insecure Library Loading Vulnerability

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Description of Vulnerabilities.......................................3
Solution.............................................................4
Time Table...........................................................5
Credits..............................................................6
References...........................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

* Wireshark versions 1.12.0 through 1.12.9 and 2.0.0 through 2.0.1.

======================================================================
2) Severity

Rating: High critical
Impact: System Access
Where:  Remote

======================================================================
3) Description of Vulnerabilities

Secunia Research has discovered a vulnerability in Wireshark, which
can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to the application loading a library 
(riched20.dll.dll) in an insecure manner. This can be exploited to 
load arbitrary libraries by tricking a user into e.g. opening a e.g. 
".pcap" file located on a remote WebDAV or SMB share.

======================================================================
4) Solution

Update to version 1.12.10 or 2.0.2.

======================================================================
5) Time Table

31/01/2016 - Initial contact with vendor.
31/01/2016 - Vendor requests clarification of affected products.
01/02/2016 - Responded with clarification.
26/02/2016 - Release of vendor patch.
29/02/2016 - Release of Secunia Advisory SA66999
15/03/2016 - Public disclosure of Research Advisory.

======================================================================
6) Credits

Discovered by Behzad Najjarpour Jabbari, Secunia Research at Flexera
Software.

======================================================================
7) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
the CVE-2016-2521 identifier for the vulnerability.

======================================================================
8) About Secunia (now part of Flexera Software)

In September 2015, Secunia has been acquired by Flexera Software:

https://secunia.com/blog/435/

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/products/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private 
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the 
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/company/jobs/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2016-6/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================