This host is missing a critical security update according to Microsoft Bulletin MS10-096.

Successful exploitation could allow attackers to execute arbitrary code. Impact Level: System

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/MS10-096.mspx

The Address Book (wab.exe) application insecurely loads certain librairies from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a vCard file from a network share.

Micorsoft Windows 7 Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2003 Service Pack 2 and prior. Microsoft Windows Vista Service Pack 1/2 and prior. Microsoft Windows Server 2008 Service Pack 1/2 and prior.

• http://secunia.com/advisories/41050
• http://support.microsoft.com/kb/2423089
• http://www.attackvector.org/new-dll-hijacking-exploits-many/
• http://www.microsoft.com/technet/security/bulletin/MS10-096.mspx

---

Updated on 2015-03-25