Published: 27/08/2010 Updated: 10/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 935
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and previous versions, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.

Affected Products

Vendor Product Versions
AdobeIllustrator14.0, 15.0.1


/* Exploit Title: Adobe Illustrator CS4 DLL Hijacking Exploit (airesdll) Date: August 25, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: CS4 v1400 Tested on: Windows 7 x64 Ultimate Vulnerable extensions: ait eps Greetz: Astalavista, OffSEC, Exploit-DB Note: Create folders system\enu_us and put airesdll */ #includ ...