Ultraedit Security Vulnerabilities

CVE-2001-0983

UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges.

CVE-2010-3402

Untrusted search path vulnerability in IDM Computer Solutions UltraEdit 16.20.0.1009, 16.10.0.1036, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same fo...

CVE-2017-12580

An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntma...