CVSS: 9.3EPSS: 1%CPEs: 6EXPL: 2CVE-2010-3127 – Adobe Photoshop CS2 - 'Wintab32.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3127
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information. Vulnerabilidad de ruta de búsqueda no confiable en Adobe PhotoShop CS2 hasta CS5 permite a usuarios locales, y puede que atacantes remotos, ejecutar código de su elección y producir un ataque de secuestro de DLL, a través de un troyano dwmapi.dll o Wintab32.dll que está ubicado en la misma carpeta que un fichero as a PSD u otro fichero que sea procesado por PhotoShop. NOTA: Algunos de estos detalles han sido obtenidos de fuentes de terceros. • https://www.exploit-db.com/exploits/14741 http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html http://secunia.com/advisories/41060 http://www.exploit-db.com/exploits/14741 http://www.vupen.com/english/advisories/2010/2170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6778 •
CVSS: 4.6EPSS: 0%CPEs: 60EXPL: 0CVE-2006-0525
https://notcve.org/view.php?id=CVE-2006-0525
Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator CS2, and (3) Adobe Help Center, install a large number of .EXE and .DLL files with write-access permission for the Everyone group, which allows local users to gain privileges via Trojan horse programs. • http://secunia.com/advisories/18698 http://securitytracker.com/id?1015577 http://securitytracker.com/id?1015578 http://securitytracker.com/id?1015579 http://www.adobe.com/support/techdocs/332644.html http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf http://www.kb.cert.org/vuls/id/953860 http://www.osvdb.org/22908 http://www.securityfocus.com/archive/1/423587/100/0/threaded http://www.securityfocus.com/bid/16451 http://www.vupen.com/english/advisories/2006/ • CWE-264: Permissions, Privileges, and Access Controls •