ID CVE-2010-3132
Summary Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'
References
Vulnerable Configurations
  • cpe:2.3:a:adobe:dreamweaver:11.0:*:*:*:*:*:*:*
    cpe:2.3:a:adobe:dreamweaver:11.0:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 19-09-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2011-04-25T04:00:07.810-04:00
class vulnerability
contributors
name SecPod Team
organization SecPod Technologies
definition_extensions
comment Adobe Dreamweaver is installed
oval oval:org.mitre.oval:def:12466
description Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.
family windows
id oval:org.mitre.oval:def:12035
status accepted
submitted 2011-03-18T17:36:13
title Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and other versions
version 4
refmap via4
exploit-db 14740
secunia 41110
vupen ADV-2010-2171
Last major update 19-09-2017 - 01:31
Published 26-08-2010 - 18:36
Back to Top