CVE-2010-3149

Adobe Device Central CS5 <3.0.1.0 - RCE

Title source: llm

Description

Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file.

Exploits (1)

exploitdb WORKING POC

by Glafkos Charalambous · clocalwindows

https://www.exploit-db.com/exploits/14755

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://osvdb.org/67533

[Vendor Advisory] http://secunia.com/advisories/41118

[Exploit] http://www.exploit-db.com/exploits/14755/

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/513323/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/2196

Scores

EPSS 0.0417

EPSS Percentile 88.7%

Details

Status published

Products (1)

adobe/device_central_cs5 3.0.0\(376\)

Published Aug 27, 2010

Tracked Since Feb 18, 2026