- Home
- CVEs with nessus.description==The remote host is affected by the vulnerability described in GLSA-201701-29 (Vim, gVim: Remote execution of arbitrary code)
Vim and gVim do not properly validate values for the ‘filetype’, ‘syntax’, and ‘keymap’ options.
Impact :
A remote attacker could entice a user to open a specially crafted file using Vim/gVim with certain modeline options enabled possibly resulting in execution of arbitrary code with the privileges of the process.
Workaround :
Disabling modeline support in .vimrc by adding “set nomodeline” will prevent exploitation of this flaw. By default, modeline is enabled for ordinary users but disabled for root.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top