QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0316

Published: Jan 28, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937

x_refsource_CONFIRM

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305

x_refsource_MISC

vdb-entry

x_refsource_BID

[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

mailing-list

x_refsource_MLIST

APPLE-SA-2010-03-29-1

vendor-advisory

x_refsource_APPLE

[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd

mailing-list

x_refsource_MLIST

https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045

x_refsource_CONFIRM

http://support.apple.com/kb/HT4077

x_refsource_CONFIRM

vendor-advisory

x_refsource_MANDRIVA

vim-pysyssetargv-privilege-escalation(48275)

vdb-entry

x_refsource_XF

https://bugzilla.redhat.com/show_bug.cgi?id=481565

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.