Vulnerabilities > CVE-2010-3132 - Unspecified vulnerability in Adobe Dreamweaver 11.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Adobe Dreamweaver CS5. CVE-2010-3132. Local exploit for windows platform file exploits/windows/local/14740.c id EDB-ID:14740 last seen 2016-02-01 modified 2010-08-25 platform windows port published 2010-08-25 reporter diwr source https://www.exploit-db.com/download/14740/ title Adobe Dreamweaver CS5 <= 11.0 build 4909 - DLL Hijacking Exploit mfc90loc.dll type local description Adobe Dreamweaver CS4 DLL Hijacking Exploit (ibfs32.dll). CVE-2010-3132. Local exploit for windows platform id EDB-ID:14735 last seen 2016-02-01 modified 2010-08-24 published 2010-08-24 reporter Glafkos Charalambous source https://www.exploit-db.com/download/14735/ title Adobe Dreamweaver CS4 DLL Hijacking Exploit ibfs32.dll
Oval
accepted | 2011-04-25T04:00:07.810-04:00 | ||||
class | vulnerability | ||||
contributors |
| ||||
definition_extensions |
| ||||
description | Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver. | ||||
family | windows | ||||
id | oval:org.mitre.oval:def:12035 | ||||
status | accepted | ||||
submitted | 2011-03-18T17:36:13 | ||||
title | Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and other versions | ||||
version | 4 |