Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-3132

5 documents4 sources
Severity
9.3CRITICAL
EPSS
3.2%
top 13.07%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Dreamweaver
Timeline
PublishedAug 26
Latest updateMay 17

Description

Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

â–¶NVDadobe/dreamweaver11.0

🔴Vulnerability Details

2
GHSA
GHSA-638c-cq5x-v2qp: Untrusted search path vulnerability in Adobe Dreamweaver CS5 11↗2022-05-17
â–¶
CVEList
CVE-2010-3132: Untrusted search path vulnerability in Adobe Dreamweaver CS5 11↗2010-08-26
â–¶

💥Exploits & PoCs

2
Exploit-DB
Adobe Dreamweaver CS5 11.0 build 4909 - 'mfc90loc.dll' DLL Hijacking↗2010-08-25
â–¶
Exploit-DB
Adobe Dreamweaver CS4 - 'ibfs32.dll' DLL Hijacking↗2010-08-24
â–¶
CVE-2010-3132 (CRITICAL CVSS 9.3) | Untrusted search path vulnerability | cvebase.io