CVE-2016-1248

Published: 23/11/2016 Updated: 28/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened.

Vulnerable Product

vim vim

debian debian linux 8.0

Vendor Advisories

Synopsis: Moderate: vim security update. Type/Severity: Security Advisory: Moderate. Topic: An update for vim is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring Syste ...
Vim could be made to run programs as your login if it opened a specially crafted file ...
Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the filetype, syntax and keymap options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened. For the stable distribution (jessie), this problem has been fixed in version 2:7448 ...
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim (modelines are disabled by default for root, and enabled by default for other users) ...
A vulnerability was found in vim in how certain modeline options were treated. An attacker could craft a file that, when opened in vim with modelines enabled, could execute arbitrary commands with privileges of the user running vim ...
A vulnerability has been discovered in vim which would allow arbitrary shell commands to be run if a user opened a file with a malicious modeline. This is due to lack of validation of values for a few options. Those options' values are then used in vim's scripts to build a command string that's evaluated by execute, which is what allows the shell c ...