Wireshark Stack Buffer Overflow (Remote) Exploitation and Prevention Part-II
Updated: 22 Feb 2012
In Wireshark Stack Buffer Overflow Exploitation and Prevention Part-I, I explained the procedure for exploiting the Wireshark Stack Buffer Overflow Vulnerability in Windows. In this part I will show you how to prevent the Wireshark Stack Buffer Overflow Vulnerability in Windows with Symantec Critical System Protection (SCSP).
Prevention of Wireshark Buffer Overflow Vulnerability
1) I logged into my SCSP Server. Click on the Prevention tab --> Policies.
2) I created one policy named Wireshark Buffer Overflow Prevention to prevent the Wireshark Buffer Overflow Vulnerability in Windows.
3) Right-click on the policy and click Apply Policy.
4) Select the agent and click Next. Now I am applying a prevention policy on our target machine.
5) SCSP Prevention is enabled on the Windows XP machine.
6) Our victim is still running Wireshark to capture network packets.
7) The attacker tries to exploit the Wireshark buffer overflow vulnerability, but this time the attacker will not be able to get a session on the victim machine.
It means we are able to prevent the Wireshark Buffer Overflow Vulnerability with Symantec Critical System Protection (SCSP).