CVE-2010-3149

Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
adobedevice_central_cs5
3.0.0\(376\)
𝑥
= Vulnerable software versions
References
http://osvdb.org/67533
http://secunia.com/advisories/41118
http://www.exploit-db.com/exploits/14755/
http://www.securityfocus.com/archive/1/513323/100/0/threaded
http://www.vupen.com/english/advisories/2010/2196
http://osvdb.org/67533
http://secunia.com/advisories/41118
http://www.exploit-db.com/exploits/14755/
http://www.securityfocus.com/archive/1/513323/100/0/threaded
http://www.vupen.com/english/advisories/2010/2196