Published: 26/08/2010 Updated: 19/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 940

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe dreamweaver 11.0

/* Exploit Title: Adobe Dreamweaver CS4 DLL Hijacking Exploit (ibfs32dll) Date: August 25, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: 100 Build 4117 Tested on: Windows 7 Ultimate x86 Vulnerable extensions: asp asa aspx php php5 cfm tpl asr jsp (etc) Greetz: Astalavista, OffSEC, Exploit-DB */ #include &lt ...

# Exploit Title: Adobe Dreamweaver CS5 DLL Hijacking Exploit (mfc90locdll) # Date: 25/08/2010 # Author: Bruno Filipe (diwr) digitalacropolisus # Software Link: wwwadobecom <wwwbsplayerorg> # Version: <= 110 build 4909 # Tested on: WinXP SP2, WinXP SP3 # Other Adobe CS5 products may be vulnerable too # Thx TheLe ...

NVD-CWE-Other http://www.vupen.com/english/advisories/2010/2171 http://secunia.com/advisories/41110 http://www.exploit-db.com/exploits/14740 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035 https://nvd.nist.gov https://www.exploit-db.com/exploits/14735/

CVE-2010-3132

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect