CVE-2010-3132

Adobe Dreamweaver CS5 11.0 build 4916 and 4909 - Untrusted Search Path and DLL Hijacking via Trojan Horse DLL

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3132. PoCs published by diwr, Glafkos Charalambous.

AI-analyzed exploit summary: This exploit leverages DLL hijacking in Adobe Dreamweaver CS5 by replacing the legitimate mfc90loc.dll with a malicious one. The provided code compiles into a DLL that spawns calc.exe when loaded, demonstrating arbitrary code execution.

Description

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

Exploits (2)

exploitdb WORKING POC
by diwr · c · local · windows
https://www.exploit-db.com/exploits/14740

This exploit leverages DLL hijacking in Adobe Dreamweaver CS5 by replacing the legitimate mfc90loc.dll with a malicious one. The provided code compiles into a DLL that spawns calc.exe when loaded, demonstrating arbitrary code execution.

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Adobe Dreamweaver CS5 (build 4909 and earlier)
No auth needed
Prerequisites: Victim must open a file (e.g., .php, .asp) in a directory containing the malicious mfc90loc.dll
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC
by Glafkos Charalambous · c · local · windows
https://www.exploit-db.com/exploits/14735

This exploit demonstrates DLL hijacking in Adobe Dreamweaver CS4 by replacing the legitimate ibfs32.dll with a malicious one. The PoC displays a message box upon execution, confirming the vulnerability.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: Adobe Dreamweaver CS4 (10.0 Build 4117)
No auth needed
Prerequisites: Victim must open a file with a vulnerable extension in Dreamweaver CS4 · Malicious ibfs32.dll must be placed in the same directory as the file
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2171
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/41110
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14740
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035

Scores

EPSS 0.1430
EPSS Percentile 96.1%

Details

Status published
Products (1)
adobe/dreamweaver 11.0
Published Aug 26, 2010
Tracked Since Feb 18, 2026