Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 build 4916, build 4909, and probably other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) mfc90loc.dll or (2) dwmapi.dll that is located in the same folder as a CSS, PHP, ASP, or other file that automatically launches Dreamweaver.
Conclusion & alert: CVE-2010-3132 is rated High Exploit Risk (85.6/100): CVSS Critical severity, with high exploitation likelihood (EPSS 14.04%, 96th percentile). Core evidence: 3 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
| 14740 | exploit_db | edb | 2010-08-25 | Exploit-DB ↗ |
| 14735 | exploit_db | edb | 2010-08-24 | Exploit-DB ↗ |
| — | nvd_ref | exploit_tag | Exploit-DB ↗ |
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-24 | 14.30% | 14.04% | -0.26% |
| 2 | 2026-06-15 | 3.17% | 14.30% | +11.13% |
| 3 | 2025-05-05 | — | 3.17% | — |
Full EPSS history (12 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.3 | 2.0 | HIGH |
|
8.6 | 10.0 | [email protected] |
: Per: http://cwe.mitre.org/data/definitions/426.html CWE-426 - 'Untrusted Search Path Vulnerability'
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| adobe | dreamweaver | 11.0 | cpe:2.3:a:adobe:dreamweaver:11.0:*:*:*:*:*:*:* |