Title: Adobe Extension Manager CS5 v5.0.298 (dwmapi.dll) DLL Hijacking Exploit
Advisory ID: ZSL-2010-4951
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 26.08.2010

Summary

Easily install new extensions and manage the ones you already have with the Adobe Extension Manager.

Description

Adobe Extension Manager CS5 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .mxi and .mxp thru dwmapi.dll library.

Vendor

Adobe Systems Inc. - http://www.adobe.com

Affected Version

CS5 v5.0.298

Tested On

Microsoft Windows XP Professional SP3 (English)

Vendor Status

N/A

PoC

adobeem_dll.c

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://www.exploit-db.com/exploits/14784
[2] http://packetstormsecurity.org/filedesc/adobeem_dll.txt.html
[3] http://securityreason.com/exploitalert/8768
[4] http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
[5] http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[6] http://www.vupen.com/english/advisories/2010/2212
[7] http://osvdb.org/show/osvdb/67566
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3154
[9] http://www.securityfocus.com/bid/42745

Changelog

[26.08.2010] - Initial release
[27.08.2010] - Added reference [1], [2], [3], [4] and [5]
[28.08.2010] - Added reference [6] and [7]
[31.08.2010] - Added reference [8]
[13.11.2010] - Added reference [9]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk