ID CVE-2010-3402
Summary Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
References
Vulnerable Configurations
  • cpe:2.3:a:ultraedit:ultraedit:16.10.0.1036:*:*:*:*:*:*:*
    cpe:2.3:a:ultraedit:ultraedit:16.10.0.1036:*:*:*:*:*:*:*
  • cpe:2.3:a:ultraedit:ultraedit:16.20.0.1009:*:*:*:*:*:*:*
    cpe:2.3:a:ultraedit:ultraedit:16.20.0.1009:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid 43183
fulldisc 20100912 UltraEdit Text Editor version 16.10.0.1036 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)
osvdb 67995
secunia 41403
statements via4
contributor ultraedit
lastmodified 2012-03-06
organization UltraEdit
statement This issue was resolved and patched on 9/15/2010.
Last major update 30-10-2018 - 16:26
Published 16-09-2010 - 20:00
Last modified 30-10-2018 - 16:26
Back to Top