Vulnerability Details : CVE-2010-3152
Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.
Vulnerability category: Execute code
Exploit prediction scoring system (EPSS) score for CVE-2010-3152
Probability of exploitation activity in the next 30 days: 4.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 91 %
CVSS scores for CVE-2010-3152
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST |
References for CVE-2010-3152
- http://www.vupen.com/english/advisories/2010/2198
  Vendor Advisory
- http://www.securitytracker.com/id?1024865
  Adobe Illustrator DLL Loading Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://www.exploit-db.com/exploits/14773/
  Adobe Illustrator CS4 - 'aires.dll' DLL Hijacking - Windows local Exploit (Exploit)
- http://www.securityfocus.com/archive/1/513335/100/0/threaded
  SecurityFocus
- http://www.adobe.com/support/security/bulletins/apsb10-29.html
  Adobe - Security Bulletins: APSB10-29 - Security update available for Adobe Illustrator CS5
Products affected by CVE-2010-3152
- cpe:2.3:a:adobe:illustrator:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:illustrator:14.0:*:*:*:*:*:*:*