CVE-2010-3914

2010-11-0313:37:08

Debian Security Bug Tracker

security-tracker.debian.org

vulnerability

vim gvim

dll hijacking

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.007

Percentile

80.6%

JSON

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

OSVersionArchitecturePackageVersionFilename
Debian12allvim< 2:9.0.1378-2vim_2:9.0.1378-2_all.deb
Debian11allvim< 2:8.2.2434-3+deb11u1vim_2:8.2.2434-3+deb11u1_all.deb
Debian999allvim< 2:9.1.0709-2vim_2:9.1.0709-2_all.deb
Debian13allvim< 2:9.1.0709-2vim_2:9.1.0709-2_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	vim	< 2:9.0.1378-2	vim_2:9.0.1378-2_all.deb
Debian	11	all	vim	< 2:8.2.2434-3+deb11u1	vim_2:8.2.2434-3+deb11u1_all.deb
Debian	999	all	vim	< 2:9.1.0709-2	vim_2:9.1.0709-2_all.deb
Debian	13	all	vim	< 2:9.1.0709-2	vim_2:9.1.0709-2_all.deb