vim 6.0 and 6.1, and possibly other versions, allows malicious users to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
vim development group vim 5.0 |
||
vim development group vim 5.1 |
||
vim development group vim 5.8 |
||
vim development group vim 6.0 |
||
vim development group vim 6.1 |
||
vim development group vim 5.2 |
||
vim development group vim 5.3 |
||
vim development group vim 5.4 |
||
vim development group vim 5.5 |
||
vim development group vim 5.6 |
||
vim development group vim 5.7 |
Vulmon