Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3147

7 documents4 sources
Severity
9.3CRITICAL
EPSS
25.1%
top 3.82%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Outlook Express
Timeline
PublishedAug 27
Latest updateMay 14

Description

Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the co

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDmicrosoft/outlook_express6.00.2900.5512

🔴Vulnerability Details

2
GHSA
GHSA-r3qf-2852-p8j8: Untrusted search path vulnerability in wab2022-05-14
CVEList
CVE-2010-3147: Untrusted search path vulnerability in wab2010-08-27

💥Exploits & PoCs

4
Exploit-DB
Microsoft Address Book 6.00.2900.5512 - 'wab32res.dll' DLL Hijacking2010-08-25
Exploit-DB
Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking2010-08-25
Exploit-DB
Microsoft Windows 7 - 'wab32res.dll wab.exe' DLL Hijacking2010-08-24
Exploit-DB
Yahoo! Messenger 8.1.0.249 - ActiveX Control Buffer Overflow (Metasploit)2010-06-15
CVE-2010-3147 (CRITICAL CVSS 9.3) | Untrusted search path vulnerability | cvebase.io