CVE-2010-3914 — Gvim vulnerability

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

2.6%

top 14.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

VIM Gvim Debian VIM

Timeline

PublishedNov 3

Latest updateMay 17

Description

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDvim/gvim7.3.033+32

▶debiandebian/vim

Patches

Patch: ftp.vim.org ↗Patch: jvn.jp ↗Patch: ftp.vim.org ↗

🔴Vulnerability Details

GHSA

GHSA-v5pg-9f9w-5m2q: Untrusted search path vulnerability in VIM Development Group GVim before 7↗2022-05-17

▶

📋Vendor Advisories

Debian

CVE-2010-3914: vim - Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034...↗2010

▶