CVE-2016-1417
high
CVSS v3
8.8
CVSS v2
6.8
VIR risk
8.8
Description
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.
Predictions
Exploit likelihood
92%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| snort | snort | 2.9.7.0 | |
References
- http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
- http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
- http://www.securityfocus.com/archive/1/539579/100/0/threaded
- http://www.securityfocus.com/bid/93269
- http://www.securitytracker.com/id/1036936
- http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
- http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
- http://www.securityfocus.com/archive/1/539579/100/0/threaded
- http://www.securityfocus.com/bid/93269
- http://www.securitytracker.com/id/1036936
CWEs
CWE-426
Verify integrity in audit chain (admin only). AS-IS.