PT-2010-4792 · Idm Computer Solutions · Ultraedit

Published 2010-09-16 · Updated 2018-10-30 · CVE-2010-3402

CVSS v2.0: 9.3 High

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IDM Computer Solutions UltraEdit versions 16.10.0.1036, 16.20.0.1009

Description

The issue allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll. This can occur when the dwmapi.dll is located in the same folder as certain file types, including bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt, or xml files.

Recommendations

For versions 16.10.0.1036 and 16.20.0.1009, consider restricting access to the affected file types or removing them from the search path to minimize the risk of exploitation. As a temporary workaround, avoid using the vulnerable UltraEdit versions in environments where untrusted files may be present.
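A defender can check shared or downloaded folders for the condition the description names: a dwmapi.dll sitting beside one of the listed file types. The sketch below is an added example, not part of this advisory or of any vendor tooling; the function name `find_planted_dll` and the `trusted_dirs` parameter are hypothetical, and the caller is assumed to pass the Windows system directories that hold the legitimate DLL.

```python
import os
import sys

# File extensions taken from the advisory description.
TRIGGER_EXTS = {"bin", "cpp", "css", "c", "dat", "hpp", "html", "h",
                "ini", "java", "log", "mak", "php", "prj", "txt", "xml"}
DLL_NAME = "dwmapi.dll"  # DLL name taken from the advisory description


def find_planted_dll(root, trusted_dirs=()):
    """Return (directory, dll_path, trigger_files) for each directory under
    root that holds dwmapi.dll next to at least one advisory-listed file type.

    trusted_dirs (assumption): directories where the DLL legitimately lives,
    e.g. %SystemRoot%\\System32; they are skipped.
    """
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    findings = []
    for dirpath, _subdirs, files in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in trusted:
            continue
        # Windows file names are case-insensitive, so compare lower-cased.
        dlls = [f for f in files if f.lower() == DLL_NAME]
        if not dlls:
            continue
        triggers = sorted(
            f for f in files
            if os.path.splitext(f)[1].lstrip(".").lower() in TRIGGER_EXTS
        )
        if triggers:
            findings.append((dirpath, os.path.join(dirpath, dlls[0]), triggers))
    return findings


if __name__ == "__main__":
    # Usage: python scan.py <folder-to-scan>
    sysroot = os.environ.get("SystemRoot", r"C:\Windows")
    trusted = [os.path.join(sysroot, "System32"), os.path.join(sysroot, "SysWOW64")]
    for folder, dll, triggers in find_planted_dll(sys.argv[1], trusted):
        print(f"{dll}: next to {len(triggers)} file(s), e.g. {triggers[0]}")
```

A hit is a lead for review, not proof of compromise: confirm the DLL's origin and signature before removing it.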

Fix


Related Identifiers

CVE-2010-3402

Affected Products

Ultraedit