Vulnerabilities (CVE)

Filtered by vendor Ultraedit Subscribe
Filtered by product Ultraedit
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12580 1 Ultraedit 1 Ultraedit 2024-11-21 6.9 MEDIUM 7.8 HIGH
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system.
CVE-2010-3402 1 Ultraedit 1 Ultraedit 2024-11-21 9.3 HIGH N/A
Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.