The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability 21390

Wireshark sur Windows: arbitrary file removal

Synthesis of the vulnerability

An attacker can configure WinSparkle in Wireshark for Windows, in order to delete arbitrary folders.
Impacted products: Wireshark.
Severity: 2/4.
Creation date: 15/12/2016.
Identifiers: 13217, VIGILANCE-VUL-21390.

Description of the vulnerability

Wireshark for Windows includes WinSparkle.

WinSparkle delete the folder named in te the registry value HKCU\Software\Wireshark\WinSparkle Settings\UpdateTempDir. However, the user defining this value may not be allowed to remove this folder. If Wireshark is run with extended privileges, it will delete normally protected files.

An attacker can therefore configure WinSparkle in Wireshark for Windows, in order to delete arbitrary folders.
Complete Vigil@nce bulletin.... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities workaround. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system.