Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit
Title: Adobe ExtendedScript Toolkit CS5 v3.5.0.52 (dwmapi.dll) DLL Hijacking Exploit
Advisory ID: ZSL-2010-4952
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 26.08.2010
Summary
The ExtendScript Toolkit (ESTK) 3.5.0 is a scripting utility included with Adobe® Creative Suite CS5 and other Adobe applications. The ESTK is used for creating, editing, and debugging JavaScript to be used for scripting Adobe applications.
Description
Adobe ExtendScript Toolkit CS5 suffers from a DLL hijacking vulnerability that enables an attacker to execute arbitrary code on a local level. The vulnerable file extension is .jsx, through the dwmapi.dll library.
Vendor
Adobe Systems Inc. - http://www.adobe.com
Affected Version
CS5 v3.5.0.52, ExtendScript 4.1.23, ScriptUI 5.1.37
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
N/A
PoC
adobeest_dll.c
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/14785
[2] http://packetstormsecurity.org/filedesc/adobeest_dll.txt.html
[3] http://securityreason.com/exploitalert/8780
[4] http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
[5] http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[6] http://www.vupen.com/english/advisories/2010/2213
[7] http://osvdb.org/show/osvdb/67550
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3155
[9] http://www.securityfocus.com/bid/42749
Changelog
[26.08.2010] - Initial release
[27.08.2010] - Added reference [1], [2], [3], [4] and [5]
[28.08.2010] - Added reference [6] and [7]
[31.08.2010] - Added reference [8]
[13.11.2010] - Added reference [9]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
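A defender-side check for the condition in the Description, added here as an example and not part of the original advisory or its PoC: it walks a directory tree (a file share or download folder, for instance) and reports every folder where a dwmapi.dll sits next to a .jsx file. It assumes the hijacking library is placed in the same folder as the script being opened; the function names, the trusted_dirs parameter and the sample tree are constructed for illustration.

```python
import os
import tempfile

HIJACK_DLL = "dwmapi.dll"   # library named in the advisory
TRIGGER_EXT = ".jsx"        # file extension named in the advisory


def find_planted_dlls(root, trusted_dirs=()):
    """Return (directory, dll_path, [jsx files]) for each directory under
    root holding a dwmapi.dll beside at least one .jsx file."""
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in trusted:
            continue  # e.g. the Windows system directory (assumption)
        # Windows file names are case-insensitive, so compare lowercased.
        dlls = [f for f in filenames if f.lower() == HIJACK_DLL]
        scripts = sorted(f for f in filenames if f.lower().endswith(TRIGGER_EXT))
        if dlls and scripts:
            findings.append((dirpath, os.path.join(dirpath, dlls[0]), scripts))
    return sorted(findings)


def build_sample_tree(base):
    """Constructed sample layout (not real data): a clean folder, a folder
    with the DLL beside a script, and a folder with only the DLL."""
    layout = {
        "clean": ["export.jsx", "notes.txt"],
        "shared/project": ["batch.JSX", "DWMAPI.DLL", "readme.txt"],
        "tools": ["dwmapi.dll"],
    }
    for folder, names in layout.items():
        path = os.path.join(base, *folder.split("/"))
        os.makedirs(path)
        for name in names:
            open(os.path.join(path, name), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for _dir, dll, scripts in find_planted_dlls(build_sample_tree(tmp)):
            print(f"[!] {dll} sits beside {', '.join(scripts)}")
```

Any hit deserves a look at the DLL's origin and signature before a script from that folder is opened.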