Vulnerability Name: | CVE-2010-3143 (CCN-64446) | ||||||||
Assigned: | 2010-08-25 | ||||||||
Published: | 2010-08-25 | ||||||||
Updated: | 2017-09-19 | ||||||||
Summary: | Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. Note: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147. | ||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C) 8.0 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
8.0 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: MITRE Type: CNA CVE-2010-3143 Source: EXPLOIT-DB Type: Exploit 14778 Source: CCN Type: Microsoft Web site Microsoft Source: CCN Type: OSVDB ID: 67553 Microsoft Windows Contacts Path Subversion Arbitrary DLL Injection Code Execution Source: XF Type: UNKNOWN ms-win-dll-code-exec(64446) Source: XF Type: UNKNOWN ms-win-dll-code-exec(64446) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:7224 Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [08-25-2010] | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
Oval Definitions | |||||||||
| |||||||||
BACK |