Vulnerability Description
An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ultraedit | Ultraedit | <= 24.10.0.32 |
Related Weaknesses (CWE)
References
- https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-PatchThird Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-17-089Third Party Advisory
- https://support.microsoft.com/en-us/help/2389418/secure-loading-of-libraries-to-PatchThird Party Advisory
- https://www.fortiguard.com/zeroday/FG-VD-17-089Third Party Advisory
FAQ
What is CVE-2017-12580?
CVE-2017-12580 is a vulnerability with a CVSS score of 7.8 (HIGH). An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DL...
How severe is CVE-2017-12580?
CVE-2017-12580 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12580?
Check the references section above for vendor advisories and patch information. Affected products include: Ultraedit Ultraedit.