CVE-2010-3132

Adobe Dreamweaver CS5 11.0 - RCE

Title source: llm

Description

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

Exploits (2)

exploitdb WORKING POC

by diwr · clocalwindows

https://www.exploit-db.com/exploits/14740

View Code ZIP pw:eip

exploitdb WORKING POC

by Glafkos Charalambous · clocalwindows

https://www.exploit-db.com/exploits/14735

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/41110

[Exploit] http://www.exploit-db.com/exploits/14740

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/2171

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035

Scores

EPSS 0.0317

EPSS Percentile 87.0%

Details

Status published

Products (1)

adobe/dreamweaver 11.0

Published Aug 26, 2010

Tracked Since Feb 18, 2026