Vulnerabilities > CVE-2010-3402 - DLL Loading Arbitrary Code Execution vulnerability in IDM Computer Solutions UltraEdit 'dwmapi.dll'
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Statements
contributor | ultraedit |
lastmodified | 2012-03-06 |
organization | UltraEdit |
statement | This issue was resolved and patched on 9/15/2010. |