We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2010-3147



Description

Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.

Reserved 2010-08-27 | Published 2010-08-27 | Updated 2024-08-07 | Assigner mitre

References

www.us-cert.gov/cas/techalerts/TA10-348A.html (TA10-348A) third-party-advisory

www.exploit-db.com/exploits/14745/ (14745) exploit

secunia.com/advisories/41050 (41050) third-party-advisory

docs.microsoft.com/...pdates/securitybulletins/2010/ms10-096 (MS10-096) vendor-advisory

www.securitytracker.com/id?1024878 (1024878) vdb-entry

www.attackvector.org/new-dll-hijacking-exploits-many/

oval.cisecurity.org/...inition/oval:org.mitre.oval:def:12352 (oval:org.mitre.oval:def:12352) vdb-entry signature

cve.org (CVE-2010-3147)

nvd.nist.gov (CVE-2010-3147)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2010-3147

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.

© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.