CVE-2016-1417
HIGHSnort 2.9.7.0-WIN32 - Remote Code Execution via DLL Hijacking
Title source: llmDescription
Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.
References (5)
Core 5
Core References
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1036936
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/SNORT-DLL-HIJACK.txt
Exploit, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93269
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/138915/Snort-2.9.7.0-WIN32-DLL-Hijacking.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/539579/100/0/threaded
Scores
CVSS v3
8.8
EPSS
0.0443
EPSS Percentile
90.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-426
Status
published
Products (1)
snort/snort
2.9.7.0
Published
Jan 23, 2017
Tracked Since
Feb 18, 2026