Microsoft · Windows Vista · CVE-2010-3147
**Name of the Vulnerable Software and Affected Versions**
Windows Address Book version 6.00.2900.5512 in Microsoft Windows XP SP2 and SP3
Windows Address Book in Windows Server 2003 SP2
Windows Address Book in Windows Vista SP1 and SP2
Windows Address Book in Windows Server 2008 Gold, SP2, and R2
Windows Address Book in Windows 7
**Description**
The issue allows local users to gain privileges via a Trojan horse `wab32res.dll` file in the current working directory. This can occur in directories containing Windows Address Book (WAB), VCF (aka vCard), or P7C files. A remote code execution vulnerability exists in the way Windows Address Book handles the loading of DLL files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.
**Recommendations**
For Windows XP SP2 and SP3, consider disabling the `wab.exe` until a patch is available.
For Windows Server 2003 SP2, restrict access to the Windows Address Book to minimize the risk of exploitation.
For Windows Vista SP1 and SP2, avoid using the Windows Address Book in directories that may contain malicious `wab32res.dll` files.
For Windows Server 2008 Gold, SP2, and R2, and Windows 7, apply configuration changes to prevent the loading of untrusted DLL files.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.