Published: 27/08/2010 Updated: 10/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and previous versions, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe illustrator 15.0.1
adobe illustrator 14.0

/* Exploit Title: Adobe Illustrator CS4 DLL Hijacking Exploit (airesdll) Date: August 25, 2010 Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com) Version: CS4 v1400 Tested on: Windows 7 x64 Ultimate Vulnerable extensions: ait eps Greetz: Astalavista, OffSEC, Exploit-DB Note: Create folders system\enu_us and put airesdll */ #includ ...

NVD-CWE-Other http://www.exploit-db.com/exploits/14773/http://secunia.com/advisories/41134 http://www.vupen.com/english/advisories/2010/2198 http://osvdb.org/67534 http://www.adobe.com/support/security/bulletins/apsb10-29.html http://www.securitytracker.com/id?1024865 http://www.securityfocus.com/archive/1/513335/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/14773/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-3152

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect