CVE-2010-3914 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3914): Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information. Please punt vulnerable versions.
Cleanup is done; please go ahead with the GLSA request.
I'm not clear why we care about this; it looks like this is a Windows-only vuln.
(In reply to Chris Reffett from comment #2)
> I'm not clear why we care about this; it looks like this is a Windows-only
> vuln.
That was the original reason it was glsa?. The patch is clearly for Windows-based .dlls, but needed verification by a second set of eyes.
ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034
Hm, looks like a Windows-related issue, indeed.
Okay then, bye bye bug.