CVE-2010-3155
Published 2010-08-27
Priority P348 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 12.21% (95.7th percentile)
Untrusted search path vulnerability in Adobe ExtendScript Toolkit (ESTK) CS5 3.5.0.52 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a .jsx file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | extendedscript_toolkit_cs5 | — | — |
No detection rules found.
Exploit-DB
Adobe ExtendedScript Toolkit CS5 3.5.0.52 - 'dwmapi.dll' DLL Hijacking
exploitdb·2010-08-25
---
/*
Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit
Vendor: Adobe Systems Inc.
Product Web Page: http://www.adobe.com
Affected Version: CS5 v3.5.0.52 ExtendScript 4.1.23 ScriptUI 5.1.37
Summary: The ExtendScript Toolkit (ESTK) 3.5.0 is a scripting utility
included with Adobe® Creative Suite CS5 and other Adobe applications.
The ESTK is used for creating, editing, and debugging JavaScript to be
used for scripting Adobe applications.
Desc: Adobe ExtendScript Toolkit CS5 suffers from a dll hijacking vulnerability
that enables the attacker to execute arbitrary code on a local level. The
vulnerable extension is .jsx thru dwmapi.dll library.
----
gcc -shared -o dwmapi.dll adobeest.c
Co
Exploit-DB
MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)
exploitdb·2010-06-15
CVE-2005-3155 MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)
---
##
# $Id: mailenable_w3c_select.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'MailEnable IMAPD W3C Logging Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the W3C logging
functionality of the MailEnable IMAPD service. Logging is
not enabled by default and this exploit requires a valid
username and password to exploit the flaw. MailEnable
Professional version 1.6 and prior and MailEnable Enterprise
version 1
No writeups or analysis indexed.