CVE-2010-3914

Published Nov 3, 2010

Last updated 3 months ago

CVSS info 9.3

Overview

Description: Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Source: vultures@jpcert.or.jp
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Evaluator

Comment: Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'
Impact: http://www.kb.cert.org/vuls/id/707943
Solution: http://www.kb.cert.org/vuls/id/707943

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vim:gvim:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "725EE2B7-96C9-4972-8A7E-E69093F95B2E",
            "versionEndIncluding": "7.3.033"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BF03D66-FE40-44F2-A3DD-C5B87836DDDC"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C08D893-042C-4ED1-86B6-1B8FE2E1D213"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9AD47983-31F2-43D6-99C2-F69D121AD2FD"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3E69659-8C99-4448-B103-81A5F435DE23"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E16D1B11-4CF5-4A9E-B022-B19D1C31DCC4"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "857EC47A-BE90-4A8C-9A06-637FCE871713"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D5AAB0D-8334-425A-8321-89B0D0AFBFB3"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D4E37D8-3AAA-4135-AD35-0446BB9C1EB2"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.09:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "841B6A12-C5D9-4836-8CC3-6E66ABA43C63"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.010:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CD69DCE-85A8-425F-9ADB-C6A09E520549"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.011:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F182D6F9-0533-4AA5-8F8D-EC8929350DAF"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.012:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA59E723-8B3D-40D9-81EF-21091ECA747B"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.013:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "236381E0-D186-4A28-A696-CE35A03E3616"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.014:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51C542A6-F194-46E4-B943-678590C199CC"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.015:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ECA565AB-B9A8-49CD-8553-DFB7450A32FB"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.016:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC2E6CC8-FA17-4FE3-ADBB-4E84555B6FBC"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.017:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8A0F0E45-E428-4FD1-9FB0-2B0DCEAF9FC3"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.018:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2FCF5A56-DB53-4B6F-ACB8-D5D48C0E4BEE"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.019:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A614F92-9EC0-4AFB-B5C8-193A9D471057"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.020:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8E6D309-1985-4F3F-A25F-575E158BFC51"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.021:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53F7B164-4563-45EF-B9AF-577AE303FAA3"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.022:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EE86FA1-7D5A-4DA0-8995-3B65E1B2EFF5"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.023:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E80404AC-32BB-466A-9A7C-BEE4E4879C5C"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.024:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E10A79CE-DC4F-4E37-992F-54F8ABD8A51E"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.025:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FDC5DE3D-4F80-43E2-A866-FEBECE405A30"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.026:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "093FB356-0246-4DDF-AADD-0FCDA1CA1C1B"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.027:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "597AAEEB-1F5C-45E6-83EC-E80937B390FA"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.028:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE277E41-16EF-4B9A-BEC5-8A98376E91AD"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.029:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F32C2454-8A07-451C-AA14-C7513458B349"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.030:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5D381F5-42C9-484F-BC2A-534F40A5E921"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.031:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C16BC269-A435-4C9D-86C8-6F53C7FF1341"
          },
          {
            "criteria": "cpe:2.3:a:vim:gvim:7.3.032:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8245FA83-9DDD-48CC-B455-AB6673253D21"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Evaluator

Configurations

References