Lucene search

[email protected]NVD:CVE-2010-3147

HistoryAug 27, 2010 - 7:00 p.m.

CVE-2010-3147

2010-08-2719:00:18

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

6.2

Confidence

Low

EPSS

0.443

Percentile

97.5%

JSON

Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka “Insecure Library Loading Vulnerability.” NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.

Affected configurations

Nvd

Node

microsoftoutlook_expressMatch6.00.2900.5512

AND

microsoftwindows_2003_serversp2

microsoftwindows_2003_serversp2itanium

microsoftwindows_7

microsoftwindows_7Match-

microsoftwindows_server_2003sp2

microsoftwindows_server_2008itanium

microsoftwindows_server_2008x32

microsoftwindows_server_2008x64

microsoftwindows_server_2008r2itanium

microsoftwindows_server_2008r2x64

microsoftwindows_server_2008sp2x32

microsoftwindows_server_2008sp2x64

microsoftwindows_server_2008Match-sp2itanium

microsoftwindows_vistasp1

microsoftwindows_vistasp2

microsoftwindows_vistaMatch-sp1

microsoftwindows_xpsp3

microsoftwindows_xpMatch-sp2x64

VendorProductVersionCPE
microsoftoutlook_express6.00.2900.5512cpe:2.3:a:microsoft:outlook_express:6.00.2900.5512:*:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
microsoftwindows_2003_server*cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
microsoftwindows_7*cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:*:*
microsoftwindows_7-cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:itanium:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x32:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:*:x64:*:*:*:*:*
microsoftwindows_server_2008*cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	outlook_express	6.00.2900.5512	cpe:2.3:a:microsoft:outlook_express:6.00.2900.5512:::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*
microsoft	windows_2003_server	*	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
microsoft	windows_7	*	cpe:2.3:o:microsoft:windows_7::::::::
microsoft	windows_7	-	cpe:2.3:o:microsoft:windows_7:-:::::::*
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::itanium:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x32:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008:::x64:::::*
microsoft	windows_server_2008	*	cpe:2.3:o:microsoft:windows_server_2008::r2:itanium:::::