CVE-2010-3143

Microsoft Windows Contacts - RCE

Title source: llm

Description

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.

Exploits (3)

exploitdb WORKING POC VERIFIED

by storm · clocalwindows

https://www.exploit-db.com/exploits/14778

View Code ZIP pw:eip

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/14733

View Code ZIP pw:eip

exploitdb WORKING POC

clocalwindows

https://www.exploit-db.com/exploits/14745

View Code ZIP pw:eip

References (3)

[Exploit] http://www.exploit-db.com/exploits/14778/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/64446

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7224

Scores

EPSS 0.0882

EPSS Percentile 92.5%

Details

Status published

Products (1)

microsoft/windows

Published Aug 27, 2010

Tracked Since Feb 18, 2026