CVE-2010-3153

Adobe InDesign CS4 6.0 - Untrusted Search Path Vulnerability via Trojan Horse DLL

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3153. PoCs published by Glafkos Charalambous.

AI-analyzed exploit summary This exploit demonstrates DLL hijacking in Adobe InDesign CS4 by replacing the legitimate ibfs32.dll with a malicious one. The DllMain function triggers a MessageBox popup upon execution, proving the vulnerability.

Description

Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file.

Exploits (1)

exploitdb WORKING POC

by Glafkos Charalambous · clocalwindows

https://www.exploit-db.com/exploits/14775

View Code ZIP pw:eip

This exploit demonstrates DLL hijacking in Adobe InDesign CS4 by replacing the legitimate ibfs32.dll with a malicious one. The DllMain function triggers a MessageBox popup upon execution, proving the vulnerability.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Adobe InDesign CS4 v6.0

No auth needed

Prerequisites: Victim must open a vulnerable file extension (.indl, .indp, .indt, .inx) in a directory where the malicious DLL is placed

MITRE ATT&CK

T1574.001 - DLL

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources x_refsource_confirm

http://www.adobe.com/support/security/bulletins/apsb10-24.html

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/41126

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1024612

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/513340/100/0/threaded

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14775/

Scores

EPSS 0.1381

EPSS Percentile 96.0%

Details

Status published

Products (1)

adobe/indesign_cs4 6.0

Published Aug 27, 2010

Tracked Since Feb 18, 2026