CVE-2010-3914

Sažetak

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Reference

ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034
http://jvn.jp/en/jp/JVN27868039/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html
http://secunia.com/advisories/42084
http://www.securityfocus.com/bid/44588

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

05-11-2010 - 04:00

Objavljeno

03-11-2010 - 13:37