Untrusted search path vulnerability in Autodesk AutoCAD before 2014 allows local users to gain privileges and execute arbitrary VBScript code via a Trojan horse FAS file in the FAS file search path.
AutoCAD 2013 and earlier versions contained untrusted search path vulnerabilities. When AutoCAD loads FAS or DLL files, it searches for these files in the current working directory.