CVE-2010-3127

2010-08-2618:36:35

mitre

web.nvd.nist.gov

adobe

photoshop

vulnerability

security

cve-2010-3127

dll

hijacking

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.018

Percentile

88.1%

JSON

Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

adobephotoshopMatch9.0

adobephotoshopMatch9.0.1

adobephotoshopMatch9.0.2

adobephotoshopMatch10.0

adobephotoshopMatch11.0

adobephotoshopMatch12.0

VendorProductVersionCPE
adobephotoshop9.0cpe:2.3:a:adobe:photoshop:9.0:*:*:*:*:*:*:*
adobephotoshop9.0.1cpe:2.3:a:adobe:photoshop:9.0.1:*:*:*:*:*:*:*
adobephotoshop9.0.2cpe:2.3:a:adobe:photoshop:9.0.2:*:*:*:*:*:*:*
adobephotoshop10.0cpe:2.3:a:adobe:photoshop:10.0:*:*:*:*:*:*:*
adobephotoshop11.0cpe:2.3:a:adobe:photoshop:11.0:*:*:*:*:*:*:*
adobephotoshop12.0cpe:2.3:a:adobe:photoshop:12.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	photoshop	9.0	cpe:2.3:a:adobe:photoshop:9.0:::::::*
adobe	photoshop	9.0.1	cpe:2.3:a:adobe:photoshop:9.0.1:::::::*
adobe	photoshop	9.0.2	cpe:2.3:a:adobe:photoshop:9.0.2:::::::*
adobe	photoshop	10.0	cpe:2.3:a:adobe:photoshop:10.0:::::::*
adobe	photoshop	11.0	cpe:2.3:a:adobe:photoshop:11.0:::::::*
adobe	photoshop	12.0	cpe:2.3:a:adobe:photoshop:12.0:::::::*