CVE-2010-3143 - Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly r

CVE-2010-3143

Summary

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

oval via4

accepted

2014-06-30T04:11:24.240-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Josh Turpin
organization Symantec Corporation
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment Microsoft Windows Vista is installed
oval oval:org.mitre.oval:def:228
comment Microsoft Windows Server 2008 (32-bit) is installed
oval oval:org.mitre.oval:def:4870
comment Microsoft Windows Server 2008 (64-bit) is installed
oval oval:org.mitre.oval:def:5356
comment Microsoft Windows 7 x64 Edition is installed
oval oval:org.mitre.oval:def:5950
comment Microsoft Windows 7 (32-bit) is installed
oval oval:org.mitre.oval:def:6165

description

family

windows

oval:org.mitre.oval:def:7224

status

accepted

submitted

2010-10-13T15:19:01

title

Untrusted search path vulnerability in Microsoft Windows Contacts via a Trojan horse wab32res.dll

version

refmap via4

exploit-db	14778
xf	ms-win-dll-code-exec(64446)

Last major update

19-09-2017 - 01:31

Published

27-08-2010 - 19:00

Last modified

19-09-2017 - 01:31