Untrusted search path vulnerability in TeraPad before 1.00 allows local users to gain privileges via a Trojan horse DLL in the current working directory.