CVE-2010-3153
First published: Fri Aug 27 2010(Updated: )
Untrusted search path vulnerability in Adobe InDesign CS4 6.0, InDesign CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2 and earlier, and Adobe InCopy CS5 7.0.2 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an .indl, .indp, .indt, or .inx file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe InDesign CS4 | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2010-3153?
CVE-2010-3153 is classified as an important vulnerability due to its potential to allow arbitrary code execution.
How do I fix CVE-2010-3153?
To mitigate CVE-2010-3153, users should update Adobe InDesign to the latest version that addresses this vulnerability.
Who is affected by CVE-2010-3153?
CVE-2010-3153 affects users of Adobe InDesign CS4 6.0, CS5 7.0.2 and earlier, Adobe InDesign Server CS5 7.0.2, and Adobe InCopy CS5 7.0.2.
What types of attacks can be executed due to CVE-2010-3153?
CVE-2010-3153 may allow local users and potentially remote attackers to execute arbitrary code through DLL hijacking attacks.
Is there a specific workaround for CVE-2010-3153?
There are no known specific workarounds for CVE-2010-3153 other than applying software updates to secure the application.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/adobe
- canonical/adobe indesign cs4
- version/adobe indesign cs4/6.0