METASPLOIT-modules/exploits/windows/fileformat/wireshark_packet_dect.rb

METASPLOIT ruby WORKING POC

Exploit for CVE-2011-1591 - Wireshark <1.4.5 - Buffer Overflow

AI Analysis

This Metasploit module exploits a stack buffer overflow in Wireshark <= 1.4.4 by crafting a malicious .pcap file. It uses ROP gadgets to bypass DEP and ASLR, achieving arbitrary code execution when the file is opened.

Attack Type

RCE

Complexity

complex

Reliability

reliable

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Metasploit

Type poc

Platform win

Language ruby

Rank good

Files 1

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/wireshark_packet_dect.rb

Authors

corelanc0d3r sickness Paul Makowski

Vulnerability

CVE-2011-1591

Wireshark <1.4.5 - Buffer Overflow