CVE-2009-0316

Name of the Vulnerable Software and Affected Versions Vim versions prior to 7.2.045

Description The issue is related to an untrusted search path vulnerability in the Python interface, allowing local users to execute arbitrary code via a Trojan horse Python file in the current working directory. This is due to a vulnerability in the PySys SetArgv function. The vulnerability can be demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.

Recommendations For versions prior to 7.2.045, update to version 7.2.045 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Python interface in Vim to minimize the risk of exploitation. Avoid using the PySys SetArgv function in the affected Python interface until the issue is resolved.