Wireshark is vulnerable to DLL hijacking as described in Microsoft Security Advisory 2269637: https://technet.microsoft.com/library/security/2269637 It may be possible to make Wireshark to run hostile code by placing a specially-coded DLL in the same directory as a capture file. External References: https://www.wireshark.org/security/wnpa-sec-2016-01.html