CVE-2010-3147

Name of the Vulnerable Software and Affected Versions Windows Address Book version 6.00.2900.5512 in Microsoft Windows XP SP2 and SP3 Windows Address Book in Windows Server 2003 SP2 Windows Address Book in Windows Vista SP1 and SP2 Windows Address Book in Windows Server 2008 Gold, SP2, and R2 Windows Address Book in Windows 7

Description The issue allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory. This can occur in directories containing Windows Address Book (WAB), VCF (aka vCard), or P7C files. A remote code execution vulnerability exists in the way Windows Address Book handles the loading of DLL files, potentially allowing an attacker to take complete control of an affected system, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Windows XP SP2 and SP3, consider disabling the wab.exe until a patch is available. For Windows Server 2003 SP2, restrict access to the Windows Address Book to minimize the risk of exploitation. For Windows Vista SP1 and SP2, avoid using the Windows Address Book in directories that may contain malicious wab32res.dll files. For Windows Server 2008 Gold, SP2, and R2, and Windows 7, apply configuration changes to prevent the loading of untrusted DLL files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.