PT-2017-7955 · Cisco · Snort

Hyp3Rlinx

Published

2017-01-23

Updated

2018-10-09

CVE-2016-1417

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Snort version 2.9.7.0-WIN32

Description The issue allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks. This can be achieved via a Trojan horse tcapi.dll located in the same folder on a remote file share as a pcap file that is being processed.

Recommendations For Snort version 2.9.7.0-WIN32, consider restricting access to remote file shares to minimize the risk of exploitation until a patch is available. Avoid using remote file shares for processing pcap files until the issue is resolved.

Exploit

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

CVE-2016-1417

Affected Products

Snort

PT-2017-7955 · Cisco · Snort

CVE-2016-1417

Weakness Enumeration

Related Identifiers

Affected Products

References · 7