Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
http://www7a.biglobe.ne.jp/~schezo/dll_vul.html
http://www.ipa.go.jp/about/press/20101012.html
http://secunia.com/advisories/41742