CVE-2010-3132

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

Published: Aug 26, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3132
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / dreamweaver	11.0	11.0.x

http://secunia.com/advisories/41110
http://www.exploit-db.com/exploits/14740
http://www.vupen.com/english/advisories/2010/2171
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12035

Vulnerability Database

289,599

CVE-2010-3132