We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2010-3147



Assignermitre
Reserved2010-08-27
Published2010-08-27
Updated2024-08-07

Description

Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.

References

http://www.us-cert.gov/cas/techalerts/TA10-348A.html (TA10-348A) third-party-advisory

http://www.exploit-db.com/exploits/14745/ (14745) exploit

http://secunia.com/advisories/41050 (41050) third-party-advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-096 (MS10-096) vendor-advisory

http://www.securitytracker.com/id?1024878 (1024878) vdb-entry

http://www.attackvector.org/new-dll-hijacking-exploits-many/

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12352 (oval:org.mitre.oval:def:12352) vdb-entry signature

cve.org CVE-2010-3147

nvd.nist.gov CVE-2010-3147

Download JSON

Share this page
https://cve.threatint.com
Subscribe to our newsletter to learn more about our work.