← Advisories

Adobe Extension Manager CS5 v5.0.298 (dwmapi.dll) DLL Hijacking Exploit

High

Advisory ID

ZSL-2010-4951

Release Date

26 August 2010

Vendor

Adobe Systems Inc. - http://www.adobe.com

Affected Version

CS5 v5.0.298

CVE

CVE-2010-3154

Tested On

Microsoft Windows XP Professional SP3 (English)

Summary

Easily install new extensions and manage the ones you already have with the Adobe Extension Manager.

Description

Adobe Extension Manager CS5 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .mxi and .mxp thru dwmapi.dll library.

Proof of Concept

adobeem_dll.cTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://www.exploit-db.com/exploits/14784

[2]http://packetstormsecurity.org/filedesc/adobeem_dll.txt.html

[3]http://securityreason.com/exploitalert/8768

[4]http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/

[5]http://www.exploit-db.com/dll-hijacking-vulnerable-applications/

[6]http://www.vupen.com/english/advisories/2010/2212

[7]http://osvdb.org/show/osvdb/67566

[8]http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3154

[9]http://www.securityfocus.com/bid/42745

Changelog

26.08.2010Initial release

27.08.2010Added reference [1], [2], [3], [4] and [5]

28.08.2010Added reference [6] and [7]

31.08.2010Added reference [8]

13.11.2010Added reference [9]