Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer.