Lucene search

[email protected]CVE-2010-3402

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2010-3402

2022-10-0316:20:56

[email protected]

web.nvd.nist.gov

cve-2010-3402

untrusted search path

idm ultraedit

arbitrary code execution

dll hijacking

vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml file.

Affected configurations

NVD

Node

ultraeditultraeditMatch16.10.0.1036

ultraeditultraeditMatch16.20.0.1009

CPENameOperatorVersion
ultraedit:ultraeditultraediteq16.10.0.1036
ultraedit:ultraeditultraediteq16.20.0.1009

CPE	Name	Operator	Version
ultraedit:ultraedit	ultraedit	eq	16.10.0.1036
ultraedit:ultraedit	ultraedit	eq	16.20.0.1009

References

archives.neohapsis.com/archives/fulldisclosure/2010-09/0227.html

osvdb.org/67995

secunia.com/advisories/41403

www.securityfocus.com/bid/43183

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2010-3402

cvelist1 openvas2 nvd1 prion1 kaspersky1