Update exploitability per the Wireshark bug (#156)

todb · web-flow · commit b0b03323b5a3 · 2023-06-07T07:24:10.000-05:00
See https://gitlab.com/wireshark/wireshark/-/issues/19086#note_1400755665 Signed-off-by: Tod Beardsley <todb@packetfu.com>
diff --git a/cves/CVE-2023-0667.md b/cves/CVE-2023-0667.md
@@ -13,7 +13,7 @@ Any questions about this disclosure should be directed to **cve@takeonme.org**.
 
 # Executive Summary
 
-Due to failure in validating the length provided by an attacker-crafted [MSMMS](https://wiki.wireshark.org/MSMMS.md) packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. [CVE-2023-0667] appears to be an instance of [CWE-122].
+Due to failure in validating the length provided by an attacker-crafted [MSMMS](https://wiki.wireshark.org/MSMMS.md) packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. [CVE-2023-0667] appears to be an instance of [CWE-122].
 
 # Technical Details
 
