CVE-2011-3360

Wireshark <1.4.9, <1.6.2 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-3360. PoCs published by Metasploit, Haifei Li, sinn3r, including Metasploit module exploits/windows/misc/wireshark_lua.

AI-analyzed exploit summary: This Metasploit module exploits CVE-2011-3360 in Wireshark by serving a malicious 'console.lua' script alongside a fake pcap file. When Wireshark opens the pcap, it executes the Lua script, leading to arbitrary code execution.

Description

Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/18125

This Metasploit module exploits CVE-2011-3360 in Wireshark by serving a malicious 'console.lua' script alongside a fake pcap file. When Wireshark opens the pcap, it executes the Lua script, leading to arbitrary code execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Wireshark 1.6.0 to 1.6.1, 1.4.0 to 1.4.8
No auth needed
Prerequisites: Victim must open the malicious pcap file in Wireshark · Network access to serve the malicious files
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC EXCELLENT
by Haifei Li, sinn3r · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/wireshark_lua.rb

This Metasploit module exploits CVE-2011-3360 by serving a malicious 'console.lua' script alongside a fake PCAP file. When Wireshark opens the PCAP, it executes the Lua script, leading to arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Wireshark 1.6.0 to 1.6.1, 1.4.0 to 1.4.8
No auth needed
Prerequisites: Victim must open the malicious PCAP file in Wireshark
devstral-2 · analyzed Feb 19, 2026

References (9)

Core References
Vendor Advisory (x_refsource_confirm): http://www.wireshark.org/security/wnpa-sec-2011-15.html
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2011/dsa-2324
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/09/14/5
Issue Tracking (x_refsource_confirm): https://bugzilla.redhat.com/show_bug.cgi?id=737784
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/75347
Vendor Advisory (vendor-advisory, x_refsource_mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2011:138
Third Party Advisory, VDB Entry (vdb-entry, signature, x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15059
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2011/09/13/1

Scores

EPSS 0.3553
EPSS Percentile 98.3%

Details

Status published
Products (11)
wireshark/wireshark 1.4.0
wireshark/wireshark 1.4.1
wireshark/wireshark 1.4.2
wireshark/wireshark 1.4.3
wireshark/wireshark 1.4.4
wireshark/wireshark 1.4.5
wireshark/wireshark 1.4.6
wireshark/wireshark 1.4.7
wireshark/wireshark 1.4.8
wireshark/wireshark 1.6.0
... and 1 more
Published Sep 20, 2011
Tracked Since Feb 18, 2026