ID CVE-2002-1377
Summary vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
References
Vulnerable Configurations
  • cpe:2.3:a:vim_development_group:vim:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vim_development_group:vim:6.1:*:*:*:*:*:*:*
CVSS
Base: 4.6 (as of 10-10-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2002:297
  • rhsa
    id RHSA-2002:302
refmap via4
bid 6384
bugtraq 20040331 OpenLinux: vim arbitrary commands execution through modelines
conectiva CLA-2004:812
fulldisc 20021213 Some vim problems, yet still vim much better than windows
mandrake MDKSA-2003:012
misc http://www.guninski.com/vim1.html
sunalert 55700
xf vim-modeline-command-execution(10835)
Last major update 10-10-2017 - 01:30
Published 23-12-2002 - 05:00
Last modified 10-10-2017 - 01:30