CVE-2010-3143

EPSS 21.1%

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.

Affected products

n/a · n/a

public PoCs found — 4

cve_referencewww.exploit-db.com/exploits/14778/unverified exploitdbwww.exploit-db.com/exploits/14745unverified exploitdbwww.exploit-db.com/exploits/14778unverified exploitdbwww.exploit-db.com/exploits/14733unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/64446 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224 http://www.exploit-db.com/exploits/14778/