Vulnerabilities > CVE-2010-3155 - Unspecified vulnerability in Adobe Extendedscript Toolkit CS5 3.5.0.52

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
adobe
critical
exploit available
NVD
Published: 2010-08-27
Updated: 2010-09-09

Summary

Untrusted search path vulnerability in Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jsx file.

Vulnerable Configurations

Part Description Count
Application
Adobe
1

Exploit-Db

descriptionAdobe ExtendedScript Toolkit CS5 v3.5.0.52 DLL Hijacking Exploit (dwmapi.dll). CVE-2010-3155. Local exploit for windows platform
fileexploits/windows/local/14785.c
idEDB-ID:14785
last seen2016-02-01
modified2010-08-25
platformwindows
port
published2010-08-25
reporterLiquidWorm
sourcehttps://www.exploit-db.com/download/14785/
titleAdobe ExtendedScript Toolkit CS5 3.5.0.52 - DLL Hijacking Exploit dwmapi.dll
typelocal

References