How severe is CVE-2017-12580?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2017-12580?

This is classified as CWE-426, which is a common weakness in software security.

CVE-2017-12580 - HIGH Severity | CVSS 7.8

Vulnerability Description

An issue was discovered in IDM UltraEdit through 24.10.0.32. To exploit the vulnerability, on unpatched Windows systems, an attacker could include in the same directory as the affected executable a DLL using the name of a Windows DLL. This DLL must be preloaded by the executable (for example, "ntmarta.dll"). When the installer EXE is executed by the user, the DLL located in the EXE's current directory will be loaded instead of the Windows DLL, allowing the attacker to run arbitrary code on the affected system.

Related Vulnerabilities

CVE-2013-2773

HIGH

CVSS:7.8(High)

Nitro PDF 8.5.0.26: A specially crafted DLL file can facilitate Arbitrary Code Execution

CWE-4262013

CVE-2013-3494

HIGH

CVSS:7.8(High)

A Code Execution Vulnerability exists in UMPlayer 0.98 in wintab32.dll due to insufficient path restrictions when loading external libraries. which could let a malicious user execute arbitrary code.

CWE-4262013

CVE-2013-3942

HIGH

CVSS:7.8(High)

Potplayer prior to 1.5.39659: DLL Loading Arbitrary Code Execution Vulnerability

CWE-4262013

CVE-2014-3860

HIGH

CVSS:7.8(High)

Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability

CWE-4262014

CVE-2014-8358

HIGH

CVSS:7.8(High)

Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the ...

CWE-4262014

CVE-2015-0974

HIGH

CVSS:7.8(High)

Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplay...

CWE-4262015