CVE-2010-3914

critical

Published 2010-11-03 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

9.3

Description

Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

{Vendor advisory: vultures@jpcert.or.jp — ftp://ftp.vim.org/pub/vim/patches/7.3/7.3.034}

OS impact

Debian Fixed 5 releases

Version	Status	Fixed in
trixie	Fixed	`0`
sid	Fixed	`0`
forky	Fixed	`0`
bullseye	Fixed	`0`
bookworm	Fixed	`0`

Application impact

Vendor	Product	Versions
vim	gvim	`{"endIncluding":"7.3.033"}`
vim	gvim	`7.3.01`
vim	gvim	`7.3.02`
vim	gvim	`7.3.03`
vim	gvim	`7.3.04`
vim	gvim	`7.3.05`
vim	gvim	`7.3.06`
vim	gvim	`7.3.07`
vim	gvim	`7.3.08`
vim	gvim	`7.3.09`
vim	gvim	`7.3.010`
vim	gvim	`7.3.011`
vim	gvim	`7.3.012`
vim	gvim	`7.3.013`
vim	gvim	`7.3.014`
vim	gvim	`7.3.015`
vim	gvim	`7.3.016`
vim	gvim	`7.3.017`
vim	gvim	`7.3.018`
vim	gvim	`7.3.019`
vim	gvim	`7.3.020`
vim	gvim	`7.3.021`
vim	gvim	`7.3.022`
vim	gvim	`7.3.023`
vim	gvim	`7.3.024`
vim	gvim	`7.3.025`
vim	gvim	`7.3.026`
vim	gvim	`7.3.027`
vim	gvim	`7.3.028`
vim	gvim	`7.3.029`
vim	gvim	`7.3.030`
vim	gvim	`7.3.031`
vim	gvim	`7.3.032`

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.