CVE-2010-3149

Name of the Vulnerable Software and Affected Versions Adobe Device Central CS5 version 3.0.0(376) Adobe Device Central CS5 version 3.0.1.0 (3027) Adobe Device Central CS5 (other versions possibly affected)

Description The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks. This is achieved via a Trojan horse qtcf.dll located in the same folder as an ADCP file.

Recommendations For Adobe Device Central CS5 version 3.0.0(376), consider removing or restricting access to the qtcf.dll file until a patch is available. For Adobe Device Central CS5 version 3.0.1.0 (3027), avoid using the software with untrusted ADCP files until the issue is resolved. For other possibly affected versions of Adobe Device Central CS5, restrict access to the qtcf.dll file and avoid using the software with untrusted ADCP files until the issue is resolved.