CVE-2002-1377

Published: Sep 1, 2004

Modified: Aug 8, 2024

PUBLISHED

Description

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

6384

vdb-entry

x_refsource_BID

RHSA-2002:302

vendor-advisory

x_refsource_REDHAT

http://www.guninski.com/vim1.html

x_refsource_MISC

20021213 Some vim problems, yet still vim much better than windows

mailing-list

x_refsource_FULLDISC

RHSA-2002:297

vendor-advisory

x_refsource_REDHAT

55700

vendor-advisory

x_refsource_SUNALERT

CLA-2004:812

vendor-advisory

x_refsource_CONECTIVA

MDKSA-2003:012

vendor-advisory

x_refsource_MANDRAKE

20040331 OpenLinux: vim arbitrary commands execution through modelines

mailing-list

x_refsource_BUGTRAQ

vim-modeline-command-execution(10835)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2002-1377

Description

Affected Products

References