CVE-2010-3914

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
vimgvim
𝑥
≤ 7.3.033
vimgvim
7.3.01
vimgvim
7.3.02
vimgvim
7.3.03
vimgvim
7.3.04
vimgvim
7.3.05
vimgvim
7.3.06
vimgvim
7.3.07
vimgvim
7.3.08
vimgvim
7.3.09
vimgvim
7.3.010
vimgvim
7.3.011
vimgvim
7.3.012
vimgvim
7.3.013
vimgvim
7.3.014
vimgvim
7.3.015
vimgvim
7.3.016
vimgvim
7.3.017
vimgvim
7.3.018
vimgvim
7.3.019
vimgvim
7.3.020
vimgvim
7.3.021
vimgvim
7.3.022
vimgvim
7.3.023
vimgvim
7.3.024
vimgvim
7.3.025
vimgvim
7.3.026
vimgvim
7.3.027
vimgvim
7.3.028
vimgvim
7.3.029
vimgvim
7.3.030
vimgvim
7.3.031
vimgvim
7.3.032
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
vim
bullseye
2:8.2.2434-3+deb11u1
fixed
bookworm
2:9.0.1378-2
fixed
sid
2:9.1.0777-1
fixed
trixie
2:9.1.0777-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
vim
maverick
not-affected
lucid
not-affected
karmic
not-affected
hardy
not-affected
dapper
not-affected
References
ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034
http://jvn.jp/en/jp/JVN27868039/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html
http://secunia.com/advisories/42084
http://www.securityfocus.com/bid/44588
ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034
http://jvn.jp/en/jp/JVN27868039/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html
http://secunia.com/advisories/42084
http://www.securityfocus.com/bid/44588