Intrusion PreventionMS.Windows.Mail.Insecure.Library.Loading
Description
This indicates an attempt to exploit a remote Code Execution vulnerability in Windows Mail.
The vulnerability is caused by the way the vulnerable application loads "wab32res.dll". A remote attacker can exploit it to load and execute a malicious DLL.
Affected Products
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor:
http://www.microsoft.com/technet/security/Bulletin/MS11-085.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 30025 |
| Created | Nov 10, 2011 |
| Updated | Sep 16, 2015 |
| Risk |
|
| CVE ID | CVE-2010-3147 CVE-2011-2016 |
| Exploit Prediction Score | 44.54% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | MS_Exchange |