CVE-2014-2299

Wireshark <1.8.13, <1.10.6 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-2299. PoCs published by Metasploit, Wesley Neelen, j0sm1, including Metasploit module exploits/windows/fileformat/wireshark_mpeg_overflow.

AI-analyzed exploit summary This exploit triggers a stack buffer overflow in Wireshark versions <= 1.8.12/1.10.5 by generating a malicious PCAP file. It uses ROP chains and SEH overwrites to achieve remote code execution on Windows XP SP2/SP3 systems.

Description

Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the MPEG parser in Wireshark 1.8.x before 1.8.13 and 1.10.x before 1.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a large record in MPEG data.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/33069

This exploit triggers a stack buffer overflow in Wireshark versions <= 1.8.12/1.10.5 by generating a malicious PCAP file. It uses ROP chains and SEH overwrites to achieve remote code execution on Windows XP SP2/SP3 systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Wireshark <= 1.8.12/1.10.5
No auth needed
Prerequisites: Target must open the malicious PCAP file in Wireshark
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC GOOD
by Wesley Neelen, j0sm1 · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/wireshark_mpeg_overflow.rb

This Metasploit module exploits a stack buffer overflow in Wireshark <= 1.8.12/1.10.5 via a malicious MPEG file. It uses ROP chains and SEH overwrites to achieve remote code execution on Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Wireshark <= 1.8.12/1.10.5
No auth needed
Prerequisites: Target must open the malicious MPEG file in Wireshark
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/104199
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57489
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57480
Vendor Advisory x_refsource_confirm
http://www.wireshark.org/security/wnpa-sec-2014-04.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33069
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00046.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029907
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-03/msg00047.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-2871
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/66066
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0341.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0342.html

Scores

EPSS 0.4714
EPSS Percentile 98.7%

Details

CWE
CWE-119
Status published
Products (19)
wireshark/wireshark 1.8.0
wireshark/wireshark 1.8.1
wireshark/wireshark 1.8.2
wireshark/wireshark 1.8.3
wireshark/wireshark 1.8.4
wireshark/wireshark 1.8.5
wireshark/wireshark 1.8.6
wireshark/wireshark 1.8.7
wireshark/wireshark 1.8.8
wireshark/wireshark 1.8.9
... and 9 more
Published Mar 11, 2014
Tracked Since Feb 18, 2026