CVE-2010-3152

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.exploit-db.com/exploits/14773/	Exploit
http://secunia.com/advisories/41134	Vendor Advisory
http://www.vupen.com/english/advisories/2010/2198	Vendor Advisory
http://osvdb.org/67534
http://www.adobe.com/support/security/bulletins/apsb10-29.html
http://www.securitytracker.com/id?1024865
http://www.securityfocus.com/archive/1/513335/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:adobe:illustrator:15.0.1:::::::*
	cpe:2.3:a:adobe:illustrator:14.0:::::::*

Information

Published : 2010-08-27 12:00

Updated : 2018-10-10 13:01

NVD link : CVE-2010-3152

Mitre link : CVE-2010-3152

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

adobe

illustrator

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.exploit-db.com/exploits/14773/", "name": "14773", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}, {"url": "http://secunia.com/advisories/41134", "name": "41134", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/2198", "name": "ADV-2010-2198", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://osvdb.org/67534", "name": "67534", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.adobe.com/support/security/bulletins/apsb10-29.html", "name": "http://www.adobe.com/support/security/bulletins/apsb10-29.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1024865", "name": "1024865", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/archive/1/513335/100/0/threaded", "name": "20100825 Adobe Illustrator CS4 DLL Hijacking Exploit (aires.dll)", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3152", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-08-27T19:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:adobe:illustrator:15.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:adobe:illustrator:14.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-10T20:01Z"}