Untrusted search path vulnerability in K2 K2Editor prior to 1.5.9 allows local users to gain privileges via a Trojan horse executable file in the current working directory.
k2top k2editor