PT-2002-2292 · Vim · Vim

Published

2002-12-23

Updated

2017-10-10

CVE-2002-1377

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions vim versions 6.0 through 6.1

Description The issue allows attackers to execute arbitrary commands using the libcall feature in modelines. Modelines are not sandboxed and may be executed when vim is used to edit a malicious file. This has been demonstrated using mutt.

Recommendations For versions 6.0 and 6.1, consider disabling the libcall feature in modelines as a temporary workaround until a patch is available. Restrict access to potentially malicious files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1377

Affected Products

Vim

PT-2002-2292 · Vim · Vim

CVE-2002-1377

Related Identifiers

Affected Products

References · 14