Vulnerabilities > CVE-2010-3914 - DLL Loading Arbitrary Code Execution vulnerability in GVim

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

vim

critical

NVD

Published: 2010-11-03

Updated: 2010-11-05

Summary

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. http://www.kb.cert.org/vuls/id/707943 Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Vim VIM Gvim 7.3.01 VIM Gvim 7.3.02 VIM Gvim 7.3.03 VIM Gvim 7.3.04 VIM Gvim 7.3.05 VIM Gvim 7.3.06 VIM Gvim 7.3.07 VIM Gvim 7.3.08 VIM Gvim 7.3.09 VIM Gvim 7.3.010 VIM Gvim 7.3.011 VIM Gvim 7.3.012 VIM Gvim 7.3.013 VIM Gvim 7.3.014 VIM Gvim 7.3.015 VIM Gvim 7.3.016 VIM Gvim 7.3.017 VIM Gvim 7.3.018 VIM Gvim 7.3.019 VIM Gvim 7.3.020 VIM Gvim 7.3.021 VIM Gvim 7.3.022 VIM Gvim 7.3.023 VIM Gvim 7.3.024 VIM Gvim 7.3.025 VIM Gvim 7.3.026 VIM Gvim 7.3.027 VIM Gvim 7.3.028 VIM Gvim 7.3.029 VIM Gvim 7.3.030 VIM Gvim 7.3.031 VIM Gvim 7.3.032 VIM Gvim *	33

Summary

Vulnerable Configurations

References