CVE-2010-3402 - Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036,

CVE-2010-3402

Summary

Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

References

Vulnerable Configurations

cpe:2.3:a:ultraedit:ultraedit:16.10.0.1036:*:*:*:*:*:*:*
cpe:2.3:a:ultraedit:ultraedit:16.10.0.1036:*:*:*:*:*:*:*
cpe:2.3:a:ultraedit:ultraedit:16.20.0.1009:*:*:*:*:*:*:*
cpe:2.3:a:ultraedit:ultraedit:16.20.0.1009:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	43183
fulldisc	20100912 UltraEdit Text Editor version 16.10.0.1036 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
osvdb	67995
secunia	41403

statements via4

contributor	ultraedit
lastmodified	2012-03-06
organization	UltraEdit
statement	This issue was resolved and patched on 9/15/2010.

Last major update

30-10-2018 - 16:26

Published

16-09-2010 - 20:00

Last modified

30-10-2018 - 16:26