-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================================
==========================================================================
 Wireshark 1.4.1 (dumpcap.exe) dll hijacking reloaded
 
 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.altervista.org/

 This was written for educational purposes. Use it at your own risk.
 The author will not be responsible for any damage.

 Tested on:
 Windows 7 Professional, fully patched
==========================================================================
==========================================================================
 DESCRIPTION: 
 I think this is just a logic flaw; in fact, this program is still
 vulnerable to DLL hijacking simply by creating, in the same folder as
 one of the files listed below, these folders:

 "%commonprogramfiles%\microsoft shared\windows live"

 and then putting our DLL into the "windows live" folder.

 E.g.
 
  C:\>dir /S test

  Volume in drive C has no label.
  Volume Serial Number is XXXX-YYYY

  Directory of C:\test

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          %commonprogramfiles%
 07/10/2010  13:22                 8 test.xspf
                1 File(s)              8 bytes

  Directory of C:\test\%commonprogramfiles%

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          microsoft shared
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          windows live
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared\windows live

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  09:36            14,336 airpcap.dll
               1 File(s)         14,336 bytes
==========================================================================
==========================================================================
 INFO:
 Prg.:	dumpcap.exe
 Ver.:	1.4.1.34476
 Ext.:	5vw
	acp
	apc
	atc
	bfr
	enc
	erf
	fdc
	pcapng
	pcap
	pkt
	snoop
	syc
	trace
	trc
	wpc
	wpz

 dll:	airpcap.dll
	tcapi.dll
==========================================================================
==========================================================================
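
 For defenders, the folder layout shown in the DESCRIPTION can be hunted
 for on disk. The Python script below is an added example, not part of the
 original advisory: it walks a directory tree and reports any DLL sitting
 under a folder whose name is a literal, unexpanded %VAR% string, noting
 whether it is one of the listed DLLs and whether a capture file with one
 of the listed extensions is alongside. The function names and the sample
 tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# A folder literally named like an unexpanded variable, e.g. "%commonprogramfiles%".
ENV_LITERAL = re.compile(r"^%[^%\\/]+%$")
# Extensions and DLL names copied from the advisory's INFO block.
CAPTURE_EXTS = {"5vw", "acp", "apc", "atc", "bfr", "enc", "erf", "fdc", "pcapng",
                "pcap", "pkt", "snoop", "syc", "trace", "trc", "wpc", "wpz"}
LISTED_DLLS = {"airpcap.dll", "tcapi.dll"}

def find_planted_dlls(root):
    """Return (folder, dll_path, listed_dll, capture_file_alongside) tuples."""
    findings = []
    for folder, dirs, files in os.walk(root):
        near_capture = any(
            os.path.splitext(f)[1][1:].lower() in CAPTURE_EXTS for f in files)
        for d in list(dirs):
            if not ENV_LITERAL.match(d):
                continue
            dirs.remove(d)  # scanned below; do not walk it a second time
            for sub, _, names in os.walk(os.path.join(folder, d)):
                for name in names:
                    if name.lower().endswith(".dll"):
                        findings.append((folder, os.path.join(sub, name),
                                         name.lower() in LISTED_DLLS, near_capture))
    return findings

def build_demo_tree(root):
    """Constructed sample: one directory with the advisory's layout, one clean."""
    planted = os.path.join(root, "caps", "%commonprogramfiles%",
                           "microsoft shared", "windows live")
    os.makedirs(planted)
    os.makedirs(os.path.join(root, "clean"))
    for path in (os.path.join(planted, "airpcap.dll"),      # empty placeholder
                 os.path.join(root, "caps", "sample.pcap"),
                 os.path.join(root, "clean", "other.pcap")):
        open(path, "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        for folder, dll, listed, near in find_planted_dlls(tmp):
            print(f"{folder}: {dll} listed_dll={listed} capture_alongside={near}")
```

 Point find_planted_dlls() at shares or download folders where capture
 files are exchanged; any hit is worth a manual look, since a legitimate
 folder is not normally named with percent signs.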

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
-----END PGP SIGNATURE-----