CVE-2010-3914 Information

Description

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034 and possibly other versions before 7.3.46 allows local users and possibly remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Reference

ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034 http://jvn.jp/en/jp/JVN27868039/index.html http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html http://secunia.com/advisories/42084 http://www.securityfocus.com/bid/44588