Untrusted Search Path Vulnerability in GVim by VIM Development Group
CVE-2010-3914

Currently unrated

Key Information:

Vendor: Vim
Status: Gvim
Vendor: CVE Published:; 3 November 2010

What is CVE-2010-3914?

The untrusted search path vulnerability in GVim allows local users, and potentially remote attackers, to exploit the software and execute arbitrary code. This is done through the placement of a malicious User32.dll or similar DLL files in the same directory as a .TXT file, leading to DLL hijacking. This security flaw highlights the risks associated with the way applications handle dynamic link libraries, making it crucial for users to ensure proper software configuration and patching.

References

http://www.securityfocus.com/bid/44588

vdb-entryx_refsource_BID

ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034

x_refsource_CONFIRM

http://secunia.com/advisories/42084

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 3, 2010