CVE-2010-3155

Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 - RCE

Title source: llm

Description

Untrusted search path vulnerability in Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jsx file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by LiquidWorm · clocalwindows

https://www.exploit-db.com/exploits/14785

View Code ZIP pw:eip

References (2)

[Exploit] http://www.exploit-db.com/exploits/14785/

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/2213

Scores

EPSS 0.0334

EPSS Percentile 87.3%

Details

Status published

Products (1)

adobe/extendedscript_toolkit_cs5 3.5.0.52

Published Aug 27, 2010

Tracked Since Feb 18, 2026