Description
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
References (5)
Core 5
Core References
Patch x_refsource_confirm
ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42084
Patch third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN27868039/index.html
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/44588
Scores
EPSS
0.0264
EPSS Percentile
85.9%
Details
Status
published
Products (33)
vim/gvim
7.3.01
vim/gvim
7.3.02
vim/gvim
7.3.03
vim/gvim
7.3.04
vim/gvim
7.3.05
vim/gvim
7.3.06
vim/gvim
7.3.07
vim/gvim
7.3.08
vim/gvim
7.3.09
vim/gvim
7.3.010
... and 23 more
Published
Nov 03, 2010
Tracked Since
Feb 18, 2026