CVE-2004-1138

Published: 10/01/2005 Updated: 11/10/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

VIM prior to 6.3 and gVim prior to 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

Vulnerable Product

vim development group vim 5.6

vim development group vim 5.7

vim development group vim 5.8

vim development group vim 6.3.044

vim development group vim 5.2

vim development group vim 5.3

vim development group vim 6.2

vim development group vim 6.3.011

vim development group vim 5.4

vim development group vim 5.5

vim development group vim 6.3.025

vim development group vim 6.3.030

vim development group vim 5.0

vim development group vim 5.1

vim development group vim 6.0

vim development group vim 6.1

Vendor Advisories

Ciaran McCreesh found several vulnerabilities related to the use of options in Vim modeline commands, such as ‘termcap’, ‘printdevice’, ‘titleold’, ‘filetype’, ‘syntax’, ‘backupext’, ‘keymap’, ‘patchmode’, and ‘langmenu’ ...
Synopsis: vim security update. Type/Severity: Security Advisory: Low. Topic: Updated vim packages that fix security vulnerabilities are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Description: VIM (Vi I ...
Synopsis: vim security update. Type/Severity: Security Advisory: Low. Topic: Updated vim packages that fix a modeline vulnerability are now available. Description: VIM (Vi IMproved) is an updated and improved version of the vi screen-based editor. Ciaran McCreesh discovered a modeline vulnerability ...