Vulnerability Name: CVE-2010-3147 (CCN-63581) Assigned: 2010-08-27 Published: 2010-08-27 Updated: 2019-02-26 Summary: Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." Note : the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143 . Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path' CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C )Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Athentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2010-3147 Source: CCN Type: SA41050Microsoft Windows Address Book Insecure Library Loading Vulnerability Source: SECUNIA Type: Vendor Advisory41050 Source: CCN Type: SECTRACK ID: 1024878Windows Address Book May Load DLLs Unsafely and Remotely Execute Arbitrary Code Source: MISC Type: Exploithttp://www.attackvector.org/new-dll-hijacking-exploits-many/ Source: EXPLOIT-DB Type: Exploit14745 Source: CCN Type: Microsoft Security Advisory (2269637)Insecure Library Loading Could Allow Remote Code Execution Source: CCN Type: Microsoft Security Bulletin MS10-096Vulnerability in Windows Address Book Could Allow Remote Code Execution (2423089) Source: SECTRACK Type: UNKNOWN1024878 Source: CERT Type: US Government ResourceTA10-348A Source: MS Type: UNKNOWNMS10-096 Source: XF Type: UNKNOWNwin-addressbook-code-execution(63581) Source: OVAL Type: UNKNOWNoval:org.mitre.oval:def:12352 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:outlook_express:6.00.2900.5512:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:-:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:* Configuration CCN 1 :cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:*:*:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_7:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* Denotes that component is vulnerableVulnerability Name: CVE-2010-3147 (CCN-63773) Assigned: 2010-08-23 Published: 2010-08-23 Updated: 2019-02-26 Summary: Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." Note : the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143 . Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426: Untrusted Search Path' CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )8.0 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:C )Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Authentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )8.0 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:W/RC:C )Exploitability Metrics: Access Vector (AV): Access Complexity (AC): Athentication (Au): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
Vulnerability Type: CWE-Other Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2010-3147 Source: CCN Type: SA41050Microsoft Windows Address Book Insecure Library Loading Vulnerability Source: CCN Type: SECTRACK ID: 1024878Windows Address Book May Load DLLs Unsafely and Remotely Execute Arbitrary Code Source: CCN Type: Microsoft Security Advisory (2269637)Insecure Library Loading Could Allow Remote Code Execution Source: CCN Type: BID-42648Microsoft Windows Address Book 'wab32res.dll' DLL Loading Arbitrary Code Execution Vulnerability Source: XF Type: UNKNOWNwindowsaddbook-dll-ce(63773) Source: EXPLOIT-DB Type: EXPLOITOffensive Security Exploit Database Oval Definitions BACK
microsoft outlook express 6.00.2900.5512
microsoft windows 2003 server * sp2
microsoft windows 2003 server * sp2
microsoft windows 7 *
microsoft windows 7 -
microsoft windows server 2003 * sp2
microsoft windows server 2008 *
microsoft windows server 2008 *
microsoft windows server 2008 *
microsoft windows server 2008 * r2
microsoft windows server 2008 * r2
microsoft windows server 2008 * sp2
microsoft windows server 2008 * sp2
microsoft windows server 2008 - sp2
microsoft windows vista * sp1
microsoft windows vista * sp1
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows vista - sp1
microsoft windows xp * sp3
microsoft windows xp - sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows server_2003 sp2
microsoft windows xp sp2
microsoft windows vista * sp1
microsoft windows vista * sp1
microsoft windows server 2008
microsoft windows server 2008 -
microsoft windows server 2008 -
microsoft windows xp sp3
microsoft windows vista * sp2
microsoft windows vista * sp2
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows 7 *
microsoft windows 7 -
microsoft windows server 2008 * r2
microsoft windows server 2008 * r2
microsoft windows server 2008