Published: 10/10/2008 Updated: 11/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the mch_expand_wildcards function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames, as demonstrated by the netrw.v3 test case.

Affected Products

Vendor Product Versions
Vim Vim 6.2, 6.3

Vendor Advisories

Synopsis: Moderate: vim security update
Type/Severity: Security Advisory: Moderate
Topic: Updated vim packages that fix various security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team.
Desc ...


source: www.securityfocus.com/bid/30648/info

Vim is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result ...