CVE-2010-3976
Description
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Untrusted search path vulnerability in Adobe Flash Player on Windows allows DLL hijacking via dwmapi.dll, leading to arbitrary code execution.
Vulnerability
Adobe Flash Player versions before 9.0.289.0 and 10.x before 10.1.102.64 on Windows contain an untrusted search path vulnerability. The application loads the dwmapi.dll library by an insufficiently qualified path, so the Windows loader walks its standard DLL search order to find it, and that search includes the process's current directory. When a user opens a file from a folder, that folder becomes the current directory, so a malicious dwmapi.dll placed in the same folder as a file processed by Flash Player can be loaded instead of the legitimate system DLL [2].
Exploitation
An attacker can exploit this by placing a malicious dwmapi.dll in a location where Flash Player will load it, such as the user's Desktop or the folder containing a file processed by Flash Player. The user must be tricked into saving the malicious DLL to that location, for example via a download. When the user subsequently opens a Flash file from that folder, the DLL is loaded and executed [2]. The description's "possibly remote attackers" reflects the usual remote vector for this bug class: both the document and the DLL are served from a location the victim can browse, such as a network share or WebDAV folder, so that opening the document also makes the DLL reachable by the loader.
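To make the mechanism described in the Vulnerability and Exploitation sections concrete, the following model of the Windows DLL search order is an added example (not Adobe's, Microsoft's or the advisory's code). It treats the "insufficiently qualified path" as an unqualified LoadLibrary call, constructs two machine layouts (one without any system copy of dwmapi.dll, as on Windows XP, which predates the DLL, and one with the genuine copy in System32), and resolves the name under SafeDllSearchMode on, SafeDllSearchMode off, and with the current directory removed from the search (the behaviour of Microsoft's CWDIllegalInDllSearch hardening from KB2264107). It then shows the hardened alternative of resolving against the system directory only. Directory names, file layouts and the process's current directory are constructed for the example; the model assumes the DLL name is not a KnownDLL (KnownDLLs are always taken from the system directory and skip this search).

```python
"""Model of the Windows DLL search order for an unqualified library name.

Added example, not code from Adobe or the referenced advisories. Layouts below
are constructed; the search orders are the documented ones for a name that
carries no path and is not a KnownDLL.
"""
from pathlib import PureWindowsPath

# Constructed directories. Flash Player runs from APP_DIR; the victim opens a
# .swf from CWD, and Explorer makes the document's folder the process's
# current directory when a file is launched from it.
APP_DIR = r"C:\Program Files\Adobe\Flash"
SYSTEM32 = r"C:\Windows\System32"
SYSTEM16 = r"C:\Windows\System"
WINDIR = r"C:\Windows"
CWD = r"C:\Users\victim\Downloads"
PATH_DIRS = [r"C:\Windows\System32", r"C:\Windows", r"C:\Tools"]

# Layout A: no dwmapi.dll anywhere on the system (it shipped first with
# Vista's Desktop Window Manager), plus the planted copy beside the .swf.
LAYOUT_NO_SYSTEM_COPY = {
    APP_DIR: {"flashplayer.exe", "flash.ocx"},
    SYSTEM32: {"kernel32.dll", "user32.dll"},
    CWD: {"movie.swf", "dwmapi.dll"},
}
# Layout B: the genuine DLL is in System32 and a planted copy sits beside the .swf.
LAYOUT_WITH_SYSTEM_COPY = {
    APP_DIR: {"flashplayer.exe", "flash.ocx"},
    SYSTEM32: {"kernel32.dll", "user32.dll", "dwmapi.dll"},
    CWD: {"movie.swf", "dwmapi.dll"},
}


def search_order(safe_dll_search_mode=True, cwd_illegal=False):
    """Directories the loader walks, in order, for an unqualified name.

    safe_dll_search_mode: the SafeDllSearchMode setting (on by default since
    XP SP2). Off moves the current directory up to second place.
    cwd_illegal: models CWDIllegalInDllSearch (KB2264107) set to remove the
    current directory from the search entirely.
    """
    order = [APP_DIR]
    if not safe_dll_search_mode and not cwd_illegal:
        order.append(CWD)
    order += [SYSTEM32, SYSTEM16, WINDIR]
    if safe_dll_search_mode and not cwd_illegal:
        order.append(CWD)
    order += PATH_DIRS
    return order


def _has(layout, directory, name):
    return name.lower() in {f.lower() for f in layout.get(directory, ())}


def load_library(name, layout, **mode):
    """Unqualified LoadLibrary(name): the first directory in the search order
    holding the file wins. Returns the path chosen, or None if not found."""
    for d in search_order(**mode):
        if _has(layout, d, name):
            return str(PureWindowsPath(d) / name)
    return None


def load_library_qualified(name, layout):
    """Hardened form: resolve only against the system directory, as with
    GetSystemDirectory()+name or LoadLibraryEx(..., LOAD_LIBRARY_SEARCH_SYSTEM32).
    A missing DLL is a load failure, never a fallback to another folder."""
    if _has(layout, SYSTEM32, name):
        return str(PureWindowsPath(SYSTEM32) / name)
    return None


def planted_copies(name, layout):
    """Triage check: a copy of a system DLL name outside the system directory
    (here, next to user documents) is the indicator to hunt for."""
    return sorted(d for d in layout if d != SYSTEM32 and _has(layout, d, name))


if __name__ == "__main__":
    for label, layout in (("no system copy", LAYOUT_NO_SYSTEM_COPY),
                          ("system copy present", LAYOUT_WITH_SYSTEM_COPY)):
        print(f"--- {label} ---")
        print("safe mode on  :", load_library("dwmapi.dll", layout))
        print("safe mode off :", load_library("dwmapi.dll", layout, safe_dll_search_mode=False))
        print("CWD removed   :", load_library("dwmapi.dll", layout, cwd_illegal=True))
        print("qualified     :", load_library_qualified("dwmapi.dll", layout))
        print("planted copies:", planted_copies("dwmapi.dll", layout))
```

The two layouts make the practical point: when the system has no copy of the DLL at all, SafeDllSearchMode does not help, because the search still reaches the current directory after the system folders come up empty; when the genuine copy exists, the planted one wins only with SafeDllSearchMode off. Removing the current directory from the search, or loading by a fully qualified system path, defeats both cases, at the cost of a clean load failure where the DLL is genuinely absent.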
Impact
Successful exploitation allows arbitrary code execution with the privileges of the user running Flash Player; if that user is an administrator, this can lead to full system compromise [2].
Mitigation
Adobe released fixed versions: Flash Player 9.0.289.0 and 10.1.102.64. Users should upgrade to these versions or later [3]. The referenced advisories list no application-specific workaround for unpatched versions; the generic Windows hardening for this bug class, removing the current directory from the DLL search order via the CWDIllegalInDllSearch setting (Microsoft KB2264107), applies system-wide rather than to Flash Player alone. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities catalog as of the publication date.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
41 entries:
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=9.0.277.0)
- cpe:2.3:a:adobe:flash_player:10.0.0.584:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.12.36:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.15.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.22.87:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.32.18:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.42.34:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.0.45.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.52.14.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.52.15:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.53.64:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.82.76:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.85.3:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.92.8:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.95.1:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:10.1.95.2:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.112.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.114.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.115.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.124.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.125.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.151.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.152.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.155.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.159.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.18d60:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.20.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.246.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.260.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.262.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.28.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.31.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.45.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.47.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:9.0.48.0:*:*:*:*:*:*:*
- Range: < 9.0.289.0 or >= 10.0 < 10.1.102.64 on Windows
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
15 entries:
- www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2010-09/msg00070.html (NVD; Exploit)
- lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (NVD; Vendor Advisory)
- secunia.com/advisories/43026 (NVD; Vendor Advisory)
- support.apple.com/kb/HT4435 (NVD; Vendor Advisory)
- www.adobe.com/support/security/bulletins/apsb10-26.html (NVD; Vendor Advisory)
- www.vupen.com/english/advisories/2010/2903 (NVD; Vendor Advisory)
- www.vupen.com/english/advisories/2011/0192 (NVD; Vendor Advisory)
- core.yehg.net/lab/pr0js/advisories/dll_hijacking/%5Bflash_player%5D_10.1.x_insecure_dll_hijacking_%28dwmapi.dll%29 (NVD)
- lists.opensuse.org/opensuse-security-announce/2010-11/msg00002.html (NVD)
- marc.info (NVD)
- security.gentoo.org/glsa/glsa-201101-09.xml (NVD)
- www.acrossecurity.com/aspr/ASPR-2010-11-05-1-PUB.txt (NVD)
- www.securityfocus.com/archive/1/514653/100/0/threaded (NVD)
- www.securityfocus.com/bid/44671 (NVD)
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6926 (NVD)
News mentions
No linked articles in our index yet.