==========================================================================
==========================================================================
 Wireshark 1.4.1 (wireshark.exe) dll hijacking reloaded
 
 Author: shinnai
 mail: shinnai[at]autistici[dot]org
 site: http://www.shinnai.altervista.org/

 This was written for educational purposes. Use it at your own risk.
 The author will not be responsible for any damage.

 Tested on:
 Windows 7 Professional, fully patched
==========================================================================
==========================================================================
 DESCRIPTION: 
 I think this is just a logic flaw; in fact, this program is still
 vulnerable to DLL hijacking simply by creating, in the same folder as
 one of the files listed below, these folders:

 "%commonprogramfiles%\microsoft shared\windows live"

 and then putting our DLL into the "windows live" folder.

 E.g.
 
  C:\>dir /S test

  Volume in drive C has no label.
  Volume Serial Number is XXXX-YYYY

  Directory of C:\test

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          %commonprogramfiles%
 07/10/2010  13:22                 8 test.xspf
                1 File(s)              8 bytes

  Directory of C:\test\%commonprogramfiles%

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          microsoft shared
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  11:29    <DIR>          windows live
                0 File(s)              0 bytes

  Directory of C:\test\%commonprogramfiles%\microsoft shared\windows live

 14/10/2010  11:29    <DIR>          .
 14/10/2010  11:29    <DIR>          ..
 14/10/2010  09:36            14,336 libintl-8.dll
               1 File(s)         14,336 bytes
==========================================================================
==========================================================================
 INFO:
 Prg.:	wireshark.exe
 Ver.:	1.4.1.34476
 Ext.:	5vw
	acp
	apc
	atc
	bfr
	cap
	enc
	erf
	fdc
	pcapng
	pcap
	pkt
	rf5
	snoop
	syc
	tpc
	tr1
	trace
	trc
	wpc
	wpz

 dll:	libintl-8.dll
==========================================================================
==========================================================================
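
A defender-side check for the layout described above, added here as an example and not part of the original advisory: it walks a directory tree and reports any DLL sitting below a folder whose literal name is an unexpanded variable such as %commonprogramfiles%, together with the capture files found next to that folder. The function names, the regular expression and the constructed sample tree (sample.pcap, other.pcap, %temp%) are assumptions made for the illustration.

```python
import os
import re
import tempfile

# Extensions and DLL layout come from the advisory; everything else is constructed.
CAPTURE_EXTS = {"5vw", "acp", "apc", "atc", "bfr", "cap", "enc", "erf", "fdc",
                "pcapng", "pcap", "pkt", "rf5", "snoop", "syc", "tpc", "tr1",
                "trace", "trc", "wpc", "wpz"}
# Directory whose literal name is an unexpanded variable, e.g. "%commonprogramfiles%".
LITERAL_ENV_DIR = re.compile(r"^%[^%/\\]+%$")


def find_planted_dlls(root):
    """Return (folder, dll_path_relative_to_folder, capture_files_in_folder)
    for every DLL found below a literally named %VAR% directory."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        captures = sorted(f for f in filenames if "." in f
                          and f.rsplit(".", 1)[1].lower() in CAPTURE_EXTS)
        for d in dirnames:
            if not LITERAL_ENV_DIR.match(d):
                continue
            for sub, _, files in os.walk(os.path.join(dirpath, d)):
                for f in files:
                    if f.lower().endswith(".dll"):
                        rel = os.path.relpath(os.path.join(sub, f), dirpath)
                        findings.append((os.path.relpath(dirpath, root), rel, captures))
    return sorted(findings)


def demo():
    """Build a constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as base:
        planted = os.path.join(base, "captures", "%commonprogramfiles%",
                               "microsoft shared", "windows live")
        os.makedirs(planted)
        os.makedirs(os.path.join(base, "clean"))
        os.makedirs(os.path.join(base, "empty", "%temp%"))  # literal dir, no DLL
        for path in (os.path.join(planted, "libintl-8.dll"),
                     os.path.join(base, "captures", "sample.pcap"),
                     os.path.join(base, "clean", "other.pcap")):
            open(path, "wb").close()
        return find_planted_dlls(base)


if __name__ == "__main__":
    for folder, dll, captures in demo():
        print(f"{folder}: {dll} (capture files here: {captures})")
```

Point find_planted_dlls at a share or download folder before opening capture files from it; a hit means the folder should not be used as the working directory for the application.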