Wireshark-bugs: [Wireshark-bugs] [Bug 5133] Wireshark vulnerable to DLL hijacking
Date: Fri, 27 Aug 2010 11:45:10 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133

--- Comment #21 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2010-08-27 11:45:08 PDT ---
(In reply to comment #19)
> Is the "Read & Execute" permission enabled on the DLL?
Interesting.  The properties dialog indicated, "This file came from another
computer and might be blocked to help protect this computer."  There was an
"Unblock" button, but clicking it didn't make any difference.

Before clicking it, the Permissions had the following selected under "Allow":
Full Control, Modify, Read & Execute, Read, and Write.  In fact, only "Special
Permissions" was not selected.  After clicking "Unblock", I didn't notice
anything different as far as permissions goes.  The only thing that happened on
the dialog was that the previous message and button was now grayed-out. 
Clicking OK on the dialog and then bringing it up again no longer even displays
the grayed-out stuff.  Hmm?

Advanced security settings had "Inherit from parent ..." checked and all
permission entries list "Full Control" for the Permission.  Removing "Inherited
from" and then changing the permissions to match the real airpcap.dll changed
the Permission indication from "Full Control" to "Read & Execute", but not
surprisingly, it also had no affect.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.