Intrusion Prevention

Wireshark.PN.DCP.Data.Remote.Format.String

Description

This indicates an attack attempt to exploit a Format String vulnerability in Wireshark.
The vulnerability is caused by an error when the vulnerable software handles a malicious PN-DCP packet. It allows a remote attacker to crash the application or execute arbitrary code via sending a crafted PN-DCP packet.

Affected Products

Wireshark Wireshark 1.0.6
Wireshark Wireshark 1.0.5
Wireshark Wireshark 1.0.4
Wireshark Wireshark 1.0.3
Wireshark Wireshark 1.0.2
Wireshark Wireshark 1.0.1
Wireshark Wireshark 1.0
Wireshark Wireshark 0.99.8
Wireshark Wireshark 0.99.7
Wireshark Wireshark 0.99.6
Wireshark Wireshark 0.99.5
Wireshark Wireshark 0.99.4
Wireshark Wireshark 0.99.3
Wireshark Wireshark 0.99.2
Wireshark Wireshark 0.99.1
Wireshark Wireshark 0.99

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site:
http://media-2.cacetech.com/wireshark/src/wireshark-1.0.7.tar.bz2

CVE References

CVE-2009-1210