← Advisories

Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit

High
Advisory ID
ZSL-2010-4952
Release Date
26 August 2010
Vendor
Adobe Systems Inc. - http://www.adobe.com
Affected Version
CS5 v3.5.0.52 ExtendScript 4.1.23 ScriptUI 5.1.37
CVE
CVE-2010-3155
Tested On
Microsoft Windows XP Professional SP3 (English)
Summary

The ExtendScript Toolkit (ESTK) 3.5.0 is a scripting utility included with AdobeĀ® Creative Suite CS5 and other Adobe applications. The ESTK is used for creating, editing, and debugging JavaScript to be used for scripting Adobe applications.

Description

Adobe ExtendScript Toolkit CS5 suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extension is .jsx thru dwmapi.dll library.

Proof of Concept
adobeest_dll.cTXT
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/exploits/14785
[2]http://packetstormsecurity.org/filedesc/adobeest_dll.txt.html
[3]http://securityreason.com/exploitalert/8780
[4]http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
[5]http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[6]http://www.vupen.com/english/advisories/2010/2213
[7]http://osvdb.org/show/osvdb/67550
[8]http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3155
[9]http://www.securityfocus.com/bid/42749
Changelog
26.08.2010Initial release
27.08.2010Added reference [1], [2], [3], [4] and [5]
28.08.2010Added reference [6] and [7]
31.08.2010Added reference [8]
13.11.2010Added reference [9]