CVE-2010-3149 - Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and prob

CVE-2010-3149

Summary

Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file.

References

http://osvdb.org/67533
http://secunia.com/advisories/41118
http://www.exploit-db.com/exploits/14755/
http://www.securityfocus.com/archive/1/513323/100/0/threaded
http://www.vupen.com/english/advisories/2010/2196

Vulnerable Configurations

cpe:2.3:a:adobe:device_central_cs5:3.0.0\(376\):*:*:*:*:*:*:*
cpe:2.3:a:adobe:device_central_cs5:3.0.0\(376\):*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 10-10-2018 - 20:01)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20100825 Adobe Device Central CS5 DLL Hijacking Exploit (qtcf.dll)
exploit-db	14755
osvdb	67533
secunia	41118
vupen	ADV-2010-2196

Last major update

10-10-2018 - 20:01

Published

27-08-2010 - 19:00

Last modified

10-10-2018 - 20:01