Vulnerabilities > CVE-2010-3132 - Unspecified vulnerability in Adobe Dreamweaver 11.0

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
adobe
critical
exploit available
NVD
Published: 2010-08-26
Updated: 2017-09-19

Summary

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver. Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'

Vulnerable Configurations

Part Description Count
Application
Adobe
1

Exploit-Db

  • descriptionAdobe Dreamweaver CS5. CVE-2010-3132. Local exploit for windows platform
    fileexploits/windows/local/14740.c
    idEDB-ID:14740
    last seen2016-02-01
    modified2010-08-25
    platformwindows
    port
    published2010-08-25
    reporterdiwr
    sourcehttps://www.exploit-db.com/download/14740/
    titleAdobe Dreamweaver CS5 <= 11.0 build 4909 - DLL Hijacking Exploit mfc90loc.dll
    typelocal
  • descriptionAdobe Dreamweaver CS4 DLL Hijacking Exploit (ibfs32.dll). CVE-2010-3132. Local exploit for windows platform
    idEDB-ID:14735
    last seen2016-02-01
    modified2010-08-24
    published2010-08-24
    reporterGlafkos Charalambous
    sourcehttps://www.exploit-db.com/download/14735/
    titleAdobe Dreamweaver CS4 DLL Hijacking Exploit ibfs32.dll

Oval

accepted2011-04-25T04:00:07.810-04:00
classvulnerability
contributors
nameSecPod Team
organizationSecPod Technologies
definition_extensions
commentAdobe Dreamweaver is installed
ovaloval:org.mitre.oval:def:12466
descriptionUntrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.
familywindows
idoval:org.mitre.oval:def:12035
statusaccepted
submitted2011-03-18T17:36:13
titleUntrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and other versions
version4

References