Ax

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.1.1552 **Description** Vim is an open source, command line text editor. A path traversal issue exists in Vim’s `tar.vim` plugin prior to version 9.1.1552, potentially allowing overwriting of arbitrary files when opening specially crafted tar archives. Exploitation requires direct user interaction, but successful exploitation could lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. Editing such a file in Vim reveals the filename and content, potentially alerting a careful user. Successful exploitation could result in the ability to execute arbitrary commands on the underlying operating system. **Recommendations** Update Vim to version 9.1.1552 or later.

**Name of the Vulnerable Software and Affected Versions** Vim versions prior to 9.1.1551 **Description** Vim, an open-source command-line text editor, contains a path traversal issue within its `zip.vim` plugin. This issue allows overwriting of arbitrary files when opening specially crafted zip archives. Exploitation requires direct user interaction, but successful exploitation could lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive. A victim editing such a file with Vim may reveal the filename and content, potentially indicating malicious activity. Successful exploitation could result in the ability to execute arbitrary commands on the underlying operating system. **Recommendations** Update Vim to version 9.1.1551 or later.