On Sat, 25 Sep 2010, Ben Fritz wrote:
On Sep 25, 11:17 am, "tux." wrote:
Hmm,
seems like Vim 7.3 suffers from the known Win32 DLL bug:
# define GETTEXT_DLL "libintl.dll"
So...what's the bug?
Presumably:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1795
Found by searching for:
Win32 DLL relative path bug
and finding:
http://arstechnica.com/microsoft/news/2010/08/new-windows-dll-security-flaw-everything-old-is-new-again.ars
which mentions a tweet by the Metasploit creator about an iTunes bug
that applies to other Windows programs:
http://twitter.com/hdmoore/status/21510351207
Gist is that the Windows DLL loading process searches the current
directory, unless specifically instructed not to. (Idiotic.) At least
it hasn't fronted the current directory by default for a while. (Prior
to XP SP2 default search order started with the Current dir and ended
with the system dirs.)
--
Best,
Ben H
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
