Search criteria
7 vulnerabilities found for GVim by Vim
FKIE_CVE-2022-37173
Vulnerability from fkie_nvd - Published: 2022-08-30 21:15 - Updated: 2024-11-21 07:14
Severity ?
Summary
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln | Broken Link, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln | Broken Link, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:gvim:9.0.0000:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3C9BB3-C923-4118-AF39-51957327B4D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\\Program.exe."
},
{
"lang": "es",
"value": "Un problema en el instalador de gvim versi\u00f3n 9.0.0000, permite a atacantes autenticados ejecutar c\u00f3digo arbitrario por medio de un ataque de secuestro binario en C:\\Program.exe"
}
],
"id": "CVE-2022-37173",
"lastModified": "2024-11-21T07:14:33.610",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-30T21:15:09.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory"
],
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-3914
Vulnerability from fkie_nvd - Published: 2010-11-03 13:37 - Updated: 2025-04-11 00:51
Severity ?
Summary
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vim | gvim | * | |
| vim | gvim | 7.3.01 | |
| vim | gvim | 7.3.02 | |
| vim | gvim | 7.3.03 | |
| vim | gvim | 7.3.04 | |
| vim | gvim | 7.3.05 | |
| vim | gvim | 7.3.06 | |
| vim | gvim | 7.3.07 | |
| vim | gvim | 7.3.08 | |
| vim | gvim | 7.3.09 | |
| vim | gvim | 7.3.010 | |
| vim | gvim | 7.3.011 | |
| vim | gvim | 7.3.012 | |
| vim | gvim | 7.3.013 | |
| vim | gvim | 7.3.014 | |
| vim | gvim | 7.3.015 | |
| vim | gvim | 7.3.016 | |
| vim | gvim | 7.3.017 | |
| vim | gvim | 7.3.018 | |
| vim | gvim | 7.3.019 | |
| vim | gvim | 7.3.020 | |
| vim | gvim | 7.3.021 | |
| vim | gvim | 7.3.022 | |
| vim | gvim | 7.3.023 | |
| vim | gvim | 7.3.024 | |
| vim | gvim | 7.3.025 | |
| vim | gvim | 7.3.026 | |
| vim | gvim | 7.3.027 | |
| vim | gvim | 7.3.028 | |
| vim | gvim | 7.3.029 | |
| vim | gvim | 7.3.030 | |
| vim | gvim | 7.3.031 | |
| vim | gvim | 7.3.032 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vim:gvim:*:*:*:*:*:*:*:*",
"matchCriteriaId": "725EE2B7-96C9-4972-8A7E-E69093F95B2E",
"versionEndIncluding": "7.3.033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.01:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF03D66-FE40-44F2-A3DD-C5B87836DDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.02:*:*:*:*:*:*:*",
"matchCriteriaId": "7C08D893-042C-4ED1-86B6-1B8FE2E1D213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.03:*:*:*:*:*:*:*",
"matchCriteriaId": "9AD47983-31F2-43D6-99C2-F69D121AD2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A3E69659-8C99-4448-B103-81A5F435DE23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.05:*:*:*:*:*:*:*",
"matchCriteriaId": "E16D1B11-4CF5-4A9E-B022-B19D1C31DCC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.06:*:*:*:*:*:*:*",
"matchCriteriaId": "857EC47A-BE90-4A8C-9A06-637FCE871713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.07:*:*:*:*:*:*:*",
"matchCriteriaId": "6D5AAB0D-8334-425A-8321-89B0D0AFBFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.08:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4E37D8-3AAA-4135-AD35-0446BB9C1EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.09:*:*:*:*:*:*:*",
"matchCriteriaId": "841B6A12-C5D9-4836-8CC3-6E66ABA43C63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.010:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD69DCE-85A8-425F-9ADB-C6A09E520549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.011:*:*:*:*:*:*:*",
"matchCriteriaId": "F182D6F9-0533-4AA5-8F8D-EC8929350DAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.012:*:*:*:*:*:*:*",
"matchCriteriaId": "FA59E723-8B3D-40D9-81EF-21091ECA747B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.013:*:*:*:*:*:*:*",
"matchCriteriaId": "236381E0-D186-4A28-A696-CE35A03E3616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.014:*:*:*:*:*:*:*",
"matchCriteriaId": "51C542A6-F194-46E4-B943-678590C199CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.015:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA565AB-B9A8-49CD-8553-DFB7450A32FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.016:*:*:*:*:*:*:*",
"matchCriteriaId": "DC2E6CC8-FA17-4FE3-ADBB-4E84555B6FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.017:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0F0E45-E428-4FD1-9FB0-2B0DCEAF9FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.018:*:*:*:*:*:*:*",
"matchCriteriaId": "2FCF5A56-DB53-4B6F-ACB8-D5D48C0E4BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.019:*:*:*:*:*:*:*",
"matchCriteriaId": "6A614F92-9EC0-4AFB-B5C8-193A9D471057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.020:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E6D309-1985-4F3F-A25F-575E158BFC51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.021:*:*:*:*:*:*:*",
"matchCriteriaId": "53F7B164-4563-45EF-B9AF-577AE303FAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.022:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE86FA1-7D5A-4DA0-8995-3B65E1B2EFF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.023:*:*:*:*:*:*:*",
"matchCriteriaId": "E80404AC-32BB-466A-9A7C-BEE4E4879C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.024:*:*:*:*:*:*:*",
"matchCriteriaId": "E10A79CE-DC4F-4E37-992F-54F8ABD8A51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.025:*:*:*:*:*:*:*",
"matchCriteriaId": "FDC5DE3D-4F80-43E2-A866-FEBECE405A30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.026:*:*:*:*:*:*:*",
"matchCriteriaId": "093FB356-0246-4DDF-AADD-0FCDA1CA1C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.027:*:*:*:*:*:*:*",
"matchCriteriaId": "597AAEEB-1F5C-45E6-83EC-E80937B390FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.028:*:*:*:*:*:*:*",
"matchCriteriaId": "BE277E41-16EF-4B9A-BEC5-8A98376E91AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.029:*:*:*:*:*:*:*",
"matchCriteriaId": "F32C2454-8A07-451C-AA14-C7513458B349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.030:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D381F5-42C9-484F-BC2A-534F40A5E921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.031:*:*:*:*:*:*:*",
"matchCriteriaId": "C16BC269-A435-4C9D-86C8-6F53C7FF1341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vim:gvim:7.3.032:*:*:*:*:*:*:*",
"matchCriteriaId": "8245FA83-9DDD-48CC-B455-AB6673253D21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "Vulnerabilidad de ruta de b\u00fasqueda no confiable en VIM Development Group GVim anterior a v7.3.034, y posiblemente versiones anteriores a v7.3.46, permite a usuarios locales, y posiblemente atacantes remotos, la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n y llevar a cabo ataques de secuestro DLL a trav\u00e9s de un troyano User32.dll u otra que se ubica en la misma carpeta que un archivo TXT. Nota: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."
}
],
"evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n\u0027CWE-426: Untrusted Search Path\u0027",
"evaluatorImpact": "http://www.kb.cert.org/vuls/id/707943",
"id": "CVE-2010-3914",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-11-03T13:37:08.997",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch"
],
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42084"
},
{
"source": "vultures@jpcert.or.jp",
"url": "http://www.securityfocus.com/bid/44588"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42084"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/44588"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-37173 (GCVE-0-2022-37173)
Vulnerability from cvelistv5 – Published: 2022-08-30 20:05 – Updated: 2024-08-03 10:21
VLAI?
Summary
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\\Program.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T20:05:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\\Program.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln",
"refsource": "MISC",
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37173",
"datePublished": "2022-08-30T20:05:57",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3914 (GCVE-0-2010-3914)
Vulnerability from cvelistv5 – Published: 2010-11-03 01:00 – Updated: 2024-09-16 16:49
VLAI?
Summary
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44588",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"name": "42084",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42084"
},
{
"name": "JVN#27868039",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"name": "JVNDB-2010-000051",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-03T01:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "44588",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"name": "42084",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42084"
},
{
"name": "JVN#27868039",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"name": "JVNDB-2010-000051",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44588"
},
{
"name": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034",
"refsource": "CONFIRM",
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"name": "42084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42084"
},
{
"name": "JVN#27868039",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"name": "JVNDB-2010-000051",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2010-3914",
"datePublished": "2010-11-03T01:00:00Z",
"dateReserved": "2010-10-12T00:00:00Z",
"dateUpdated": "2024-09-16T16:49:08.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37173 (GCVE-0-2022-37173)
Vulnerability from nvd – Published: 2022-08-30 20:05 – Updated: 2024-08-03 10:21
VLAI?
Summary
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:21:33.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\\Program.exe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-30T20:05:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\\Program.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln",
"refsource": "MISC",
"url": "https://github.com/ycdxsb/Vuln/tree/main/Gvim-Installer-Vuln"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37173",
"datePublished": "2022-08-30T20:05:57",
"dateReserved": "2022-08-01T00:00:00",
"dateUpdated": "2024-08-03T10:21:33.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-3914 (GCVE-0-2010-3914)
Vulnerability from nvd – Published: 2010-11-03 01:00 – Updated: 2024-09-16 16:49
VLAI?
Summary
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:26:12.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "44588",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44588"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"name": "42084",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42084"
},
{
"name": "JVN#27868039",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"name": "JVNDB-2010-000051",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-11-03T01:00:00Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "44588",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44588"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"name": "42084",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42084"
},
{
"name": "JVN#27868039",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"name": "JVNDB-2010-000051",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2010-3914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44588"
},
{
"name": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034",
"refsource": "CONFIRM",
"url": "ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034"
},
{
"name": "42084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42084"
},
{
"name": "JVN#27868039",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN27868039/index.html"
},
{
"name": "JVNDB-2010-000051",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000051.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2010-3914",
"datePublished": "2010-11-03T01:00:00Z",
"dateReserved": "2010-10-12T00:00:00Z",
"dateUpdated": "2024-09-16T16:49:08.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2010-000051
Vulnerability from jvndb - Published: 2010-11-01 18:51 - Updated:2010-11-01 18:51Summary
GVim may insecurely load dynamic libraries
Details
GVim may use unsafe methods for determining how to load DLLs.
GVim is a text editor. GVim loads certain DLL's when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000051.html",
"dc:date": "2010-11-01T18:51+09:00",
"dcterms:issued": "2010-11-01T18:51+09:00",
"dcterms:modified": "2010-11-01T18:51+09:00",
"description": "GVim may use unsafe methods for determining how to load DLLs.\r\n\r\nGVim is a text editor. GVim loads certain DLL\u0027s when TXT files are opened. GVim contains an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000051.html",
"sec:cpe": {
"#text": "cpe:/a:vim:gvim",
"@product": "GVim",
"@vendor": "Vim",
"@version": "2.2"
},
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000051",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN27868039/index.html",
"@id": "JVN#27868039",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3914",
"@id": "CVE-2010-3914",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3914",
"@id": "CVE-2010-3914",
"@source": "NVD"
},
{
"#text": "http://www.kb.cert.org/vuls/id/707943",
"@id": "VU#707943",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "GVim may insecurely load dynamic libraries"
}