CVE-2010-3152

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.

Published: Aug 27, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-3152
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
adobe / illustrator	14.0	14.0.x
adobe / illustrator	15.0.1	15.0.1.x

http://osvdb.org/67534
http://secunia.com/advisories/41134
http://www.adobe.com/support/security/bulletins/apsb10-29.html
http://www.exploit-db.com/exploits/14773/
http://www.securityfocus.com/archive/1/513335/100/0/threaded
http://www.securitytracker.com/id?1024865
http://www.vupen.com/english/advisories/2010/2198

Vulnerability Database

289,697

CVE-2010-3152