CVSSv2: 7.6

CVE-2007-2438

Published: 2007-05-02 Updated: 2018-10-16
CVSS v2 Base Score: 7.6 | Impact Score: 10 | Exploitability Score: 4.9
VMScore: 677
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

The vim sandbox, which is meant to confine expressions evaluated from untrusted sources, fails to block the dangerous functions (1) writefile(), (2) feedkeys(), and (3) system(). Because expression-valued options (such as 'foldexpr') set by a modeline are evaluated inside the sandbox, an attacker who persuades a user to open a crafted file can execute shell commands and write files with that user's privileges. A fixed vim rejects these calls inside the sandbox with "E48: Not allowed in sandbox"; setting 'nomodeline' removes the modeline vector entirely.
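The following is an added example, not code from this advisory or from the vim project: a scanner that reads the lines vim would treat as modelines and flags expression-valued options whose values call the three functions named above. It approximates vim's modeline parsing (first and last 'modelines' lines, default 5; both the "vim: opt:opt" and "vim: set opt opt:" forms, with backslash escapes). The list EXPR_OPTIONS is an assumption about which options vim evaluates as expressions when set from a modeline, and the sample file is constructed for the demonstration.

```python
import re

# The three functions the pre-fix vim sandbox failed to block (CVE-2007-2438).
DANGEROUS_FUNCS = ("writefile", "feedkeys", "system")

# Assumption: options whose values vim evaluates as expressions (long and short
# names). A modeline can only reach the sandbox by setting one of these.
EXPR_OPTIONS = {
    "foldexpr", "fde", "foldtext", "fdt", "formatexpr", "fex",
    "indentexpr", "inde", "includeexpr", "inex",
}

# A modeline keyword must follow start-of-line or whitespace.
MODELINE_RE = re.compile(r"(?:^|\s)(?:vi|vim|Vim|ex):\s*(.*)$")
MODELINES = 5  # vim's default 'modelines': only the first and last 5 lines count


def split_options(body):
    """Split a modeline body into 'name=value' items.

    First form:  vim: opt1 opt2:opt3        items separated by blanks or ':'
    Second form: vim: set opt1 opt2: text   items separated by blanks, ending
                                            at the first unescaped ':'
    A backslash escapes the following character in both forms.
    """
    m = re.match(r"(?:se|set)\s+(.*)", body)
    if m:
        body = m.group(1)
        end = re.search(r"(?<!\\):", body)
        if end:
            body = body[:end.start()]
        seps = r"(?<!\\)\s+"
    else:
        seps = r"(?<!\\)[\s:]+"
    return [item for item in re.split(seps, body) if item]


def dangerous_calls(body):
    """Return (option, function) pairs for expression options in one modeline
    body whose value calls a function the broken sandbox let through."""
    findings = []
    for item in split_options(body):
        name, _, value = item.partition("=")
        if name not in EXPR_OPTIONS:
            continue
        value = re.sub(r"\\(.)", r"\1", value)  # drop modeline escapes
        for func in DANGEROUS_FUNCS:
            if re.search(r"\b%s\s*\(" % func, value):
                findings.append((name, func))
    return findings


def scan_file(text):
    """Scan only the lines vim would read as modelines; return a list of
    (lineno, option, function) hits."""
    lines = text.splitlines()
    window = list(enumerate(lines[:MODELINES], start=1))
    if len(lines) > MODELINES:
        tail = max(MODELINES, len(lines) - MODELINES)
        window += list(enumerate(lines[tail:], start=tail + 1))
    hits = []
    for lineno, line in window:
        m = MODELINE_RE.search(line)
        if not m:
            continue
        for name, func in dangerous_calls(m.group(1)):
            hits.append((lineno, name, func))
    return hits


# Constructed sample file (not from the advisory): a harmless modeline, a
# harmless expression option, a hostile modeline outside the scanned window,
# and a hostile one inside it.
SAMPLE = "\n".join([
    "# vim: set ts=4 sw=4 et:",
    "# vim: fdm=expr:fde=getline(v\\:lnum):",
    "line 3", "line 4", "line 5",
    '" vim: set fde=system("id"):',           # line 6: vim never reads this one
    "line 7", "line 8", "line 9", "line 10", "line 11",
    '" vim: set fdm=expr fde=system("id"):',  # line 12: within the last 5 lines
])

if __name__ == "__main__":
    for lineno, name, func in scan_file(SAMPLE):
        print("line %d: option '%s' calls %s()" % (lineno, name, func))
```

Running the block reports only line 12: the modeline on line 6 sits outside the head and tail windows vim actually reads, and the 'foldexpr' on line 2 calls getline(), which the sandbox permits.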

Vulnerable Products

vim_development_group vim 7.0

Vendor Advisories

Debian Bug report logs - #435401: sandbox for vim allows attackers to execute shell commands and write files via modelines. Package: vim; Maintainer for vim is Debian Vim Maintainers <team+vim@tracker.debian.org>; Source for vim is src:vim (PTS, buildd, popcon). Reported by: Steffen Joeris <steffen.joeris@skolelinux.de> ...
Tomas Golembiovsky discovered that some vim commands were accidentally allowed in modelines. By tricking a user into opening a specially crafted file in vim, an attacker could execute arbitrary code with user privileges. ...
Several vulnerabilities have been discovered in the vim editor. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2953: Ulf Härnhammar discovered that a format string flaw in helptags_one() from src/ex_cmds.c (triggered through the helptags command) can lead to the execution of arbitrary code. ...

Github Repositories

My Vim configuration

vimfiles: This is my Vim configuration. It used to be worse. It aims to be compatible with a wide range of Vim versions (back to Vim 7.2 with the "tiny" feature set), providing reasonable fallback behavior whenever functionality is unavailable. Here begins a series of notes to myself. Installation: A Unix-like operating system and Bourne-adjacent shell are assumed. Err...

Vim IDE configuration

Windows 10 Vim IDE configuration. This example was set up on Windows 10; whether it works on other systems you will have to try for yourself. Using the default installation path is recommended. The other resources can be downloaded from the shared links on GitHub; only a _vimrc file is provided here. Lazy version, Baidu cloud link: pan.baidu.com/s/1kEeCKsSNScaw4-ZFT_VWUQ password: 0git. After downloading, first install the three exe files, ...

📚 Encyclopedia

List of useful Linux commands: printing the distribution version; the process tree; finding the process that occupies a port; background processes; working with background processes (Ctrl + Z suspends and backgrounds a task); adding for ${ ...

References

CWE: NVD-CWE-Other
http://marc.info/?l=vim-dev&m=117762581821298&w=2
http://marc.info/?l=vim-dev&m=117778983714029&w=2
http://tech.groups.yahoo.com/group/vimdev/message/46627
http://tech.groups.yahoo.com/group/vimdev/message/46658
http://tech.groups.yahoo.com/group/vimdev/message/46645
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=238259
http://www.securityfocus.com/bid/23725
http://secunia.com/advisories/25024
http://www.redhat.com/support/errata/RHSA-2007-0346.html
http://www.securitytracker.com/id?1018035
http://secunia.com/advisories/25159
http://secunia.com/advisories/25182
http://www.trustix.org/errata/2007/0017/
http://secunia.com/advisories/25255
http://tech.groups.yahoo.com/group/vimannounce/message/178
http://www.vim.org/news/news.php
http://www.debian.org/security/2007/dsa-1364
http://www.mandriva.com/security/advisories?name=MDKSA-2007:101
http://www.novell.com/linux/security/advisories/2007_12_sr.html
http://www.ubuntu.com/usn/usn-463-1
http://attrition.org/pipermail/vim/2007-May/001614.html
http://www.attrition.org/pipermail/vim/2007-August/001770.html
http://secunia.com/advisories/25367
http://secunia.com/advisories/25432
http://secunia.com/advisories/26653
http://www.vupen.com/english/advisories/2007/1599
http://osvdb.org/36250
https://exchange.xforce.ibmcloud.com/vulnerabilities/34012
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9876
http://www.securityfocus.com/archive/1/467202/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=435401
https://usn.ubuntu.com/463-1/
https://nvd.nist.gov